From 13c01a5327736903704984b7f65616b8476850cc Mon Sep 17 00:00:00 2001
From: substack <substack@bits.coop>
Date: Tue, 10 Mar 2020 09:04:33 -1000
Subject: [PATCH] more failing proto pollution tests

---
 test/proto.js | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/test/proto.js b/test/proto.js
index 87490c3..a2499ec 100644
--- a/test/proto.js
+++ b/test/proto.js
@@ -5,5 +5,33 @@ test('proto pollution', function (t) {
     var argv = parse(['--__proto__.x','123']);
     t.equal({}.x, undefined);
     t.equal(argv.__proto__.x, 123);
+    t.equal(argv.x, undefined);
+    t.end();
+});
+
+test('proto pollution (array)', function (t) {
+    var argv = parse(['--x','4','--x','5','--x.__proto__.z','789']);
+    t.equal({}.z, undefined);
+    t.deepEqual(argv.x, [4,5]);
+    t.equal(argv.x.z, undefined);
+    t.equal(argv.x.__proto__.z, 789);
+    t.end();
+});
+
+test('proto pollution (number)', function (t) {
+    var argv = parse(['--x','5','--x.__proto__.z','100']);
+    t.equal({}.z, undefined);
+    t.equal((4).z, undefined);
+    t.equal(argv.x, 5);
+    t.equal(argv.x.z, undefined);
+    t.end();
+});
+
+test('proto pollution (string)', function (t) {
+    var argv = parse(['--x','abc','--x.__proto__.z','def']);
+    t.equal({}.z, undefined);
+    t.equal('...'.z, undefined);
+    t.equal(argv.x, 'abc');
+    t.equal(argv.x.z, undefined);
     t.end();
 });