Skip to content

tools,doc: add guards against prototype pollution when creating proxies#43391

Merged
aduh95 merged 1 commit intonodejs:mainfrom
aduh95:proxy-prototype-pollution
Jun 15, 2022
Merged

tools,doc: add guards against prototype pollution when creating proxies#43391
aduh95 merged 1 commit intonodejs:mainfrom
aduh95:proxy-prototype-pollution

Conversation

@aduh95
Copy link
Contributor

@aduh95 aduh95 commented Jun 12, 2022

When defining a Proxy, the handler object could be at risk of prototype
pollution when using a plain object literal:

// User-land
Object.prototype.get = () => 'Unrelated user-provided data';
// Core
const objectToProxy = { someProperty: 'genuine value' };
const proxyWithPlainObjectLiteral = new Proxy(objectToProxy, {
  has() { return false; },
});
console.log(proxyWithPlainObjectLiteral.someProperty); // Unrelated user-provided data
const proxyWithNullPrototypeObject = new Proxy(objectToProxy, {
  __proto__: null,
  has() { return false; },
});
console.log(proxyWithNullPrototypeObject.someProperty); // genuine value

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChALkeR ChALkeR ChALkeR approved these changes

@jasnell jasnell jasnell approved these changes

@LiviaMedeiros LiviaMedeiros LiviaMedeiros approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue-failed An error occurred while landing this pull request using GitHub Actions. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. needs-ci PRs that need a full CI run. tools Issues and PRs related to the tools directory.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@aduh95 @nodejs-github-bot @ChALkeR @jasnell @LiviaMedeiros @targos