From cad7dc94e8ac9b9f4066d216666412753d03be67 Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Sat, 24 Mar 2018 22:18:09 +0000
Subject: [PATCH] fix: check only own properties of schema, change property limit for equility check from 5 to 8, fixes #743

---
 lib/dot/properties.jst | 4 ++--
 spec/issues.spec.js | 37 +++++++++++++++++++++++++++++++++++++
 spec/options.spec.js | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 2 deletions(-)

diff --git a/lib/dot/properties.jst b/lib/dot/properties.jst
index dc8ab7b..8b1442b 100644
--- a/lib/dot/properties.jst
+++ b/lib/dot/properties.jst
@@ -58,8 +58,8 @@ var {{=$nextValid}} = true;
 {{? $someProperties }}
 var isAdditional{{=$lvl}} = !(false
 {{? $schemaKeys.length }}
- {{? $schemaKeys.length > 5 }}
- || validate.schema{{=$schemaPath}}[{{=$key}}]
+ {{? $schemaKeys.length > 8 }}
+ || validate.schema{{=$schemaPath}}.hasOwnProperty({{=$key}})
 {{??}}
 {{~ $schemaKeys:$propertyKey }}
 || {{=$key}} == {{= it.util.toQuotedString($propertyKey) }}
diff --git a/spec/issues.spec.js b/spec/issues.spec.js
index ee181bb..87c21a4 100644
--- a/spec/issues.spec.js
+++ b/spec/issues.spec.js
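Review bot: In lib/dot/properties.jst the added line calls `hasOwnProperty` as a method of the schema object it is inspecting, so the check depends on that object's own contents. A schema that declares a property literally named `hasOwnProperty`, or a properties object built without a prototype, would make the generated validator throw instead of classifying the key. Calling the built-in explicitly removes that dependency: `|| Object.prototype.hasOwnProperty.call(validate.schema{{=$schemaPath}}, {{=$key}})`. The `isAdditional` expression begins and continues outside the hunk, so only the branch for more than 8 keys is covered by this note.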
@@ -666,3 +666,40 @@ describe('full date format validation should understand leap years', function ()
 ajv.validate(schema, invalidDate) .should.equal(false);
 });
 });
+
+
+describe('property __proto__ should be removed with removeAdditional option, issue #743', function() {
+ it('should remove additional properties', function() {
+ var ajv = new Ajv({removeAdditional: true});
+
+ var schema = {
+ properties: {
+ obj: {
+ additionalProperties: false,
+ properties: {
+ a: { type: 'string' },
+ b: { type: 'string' },
+ c: { type: 'string' },
+ d: { type: 'string' },
+ e: { type: 'string' },
+ f: { type: 'string' },
+ g: { type: 'string' },
+ h: { type: 'string' },
+ i: { type: 'string' }
+ }
+ }
+ }
+ };
+
+ var obj= Object.create(null);
+ obj.__proto__ = null; // should be removed
+ obj.additional = 'will be removed';
+ obj.a = 'valid';
+ obj.b = 'valid';
+
+ var data = {obj: obj};
+
+ ajv.validate(schema, data) .should.equal(true);
+ Object.keys(data.obj) .should.eql(['a', 'b']);
+ });
+});
diff --git a/spec/options.spec.js b/spec/options.spec.js
index f0f949d..511c759 100644
--- a/spec/options.spec.js
+++ b/spec/options.spec.js
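Review bot: The regression test in spec/issues.spec.js pins only an own `__proto__` key on a null-prototype object, and only through `removeAdditional`. Under the old `[key]` lookup, other names inherited from `Object.prototype` (for example `constructor` or `toString`) would presumably have been accepted as declared properties in the same way, and nothing here guards them. Adding `obj.constructor = 'will be removed';` and `obj.toString = 'will be removed';` before the `var data` line would cover that class while the expected keys stay `['a', 'b']`. A second case without `removeAdditional`, asserting that validation returns `false` for such a key, would also pin the rejection path rather than just the stripping path.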
@@ -46,6 +46,46 @@ describe('Ajv Options', function () { }); + it('should remove properties that would error when `additionalProperties = false` (many properties, boolean schema)', function() { + var ajv = new Ajv({removeAdditional: true}); + + var schema = { + properties: { + obj: { + additionalProperties: false, + properties: { + a: { type: 'string' }, + b: false, + c: { type: 'string' }, + d: { type: 'string' }, + e: { type: 'string' }, + f: { type: 'string' }, + g: { type: 'string' }, + h: { type: 'string' }, + i: { type: 'string' } + } + } + } + }; + + var data = { + obj: { + a: 'valid', + b: 'should not be removed', + additional: 'will be removed' + } + }; + + ajv.validate(schema, data) .should.equal(false); + data .should.eql({ + obj: { + a: 'valid', + b: 'should not be removed' + } + }); + }); + + it('should remove properties that would error when `additionalProperties` is a schema', function() { var ajv = new Ajv({ removeAdditional: 'failing' });
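Review bot: Nothing in this test in spec/options.spec.js says that the nine entries under `properties` are what selects the own-property lookup, which lib/dot/properties.jst uses only when `$schemaKeys.length > 8`. If the list is trimmed later, the test would quietly run against the equality chain instead and would presumably stop guarding the `b: false` boolean-schema case. A comment above the schema would keep that visible: `// 9 properties: above the limit of 8, so the generated code uses the own-property lookup`. The same applies to the new test in spec/issues.spec.js. The enclosing `describe('Ajv Options', ...)` block starts and ends outside the hunk.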