admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

Fix prototype pollution in applyMergePatch via blocked key filter

Browse Source 
applyMergePatch in merge-patch.ts iterates Object.entries(patch) without
filtering dangerous keys. When a caller passes a JSON-parsed object with
a "__proto__" key, the loop assigns result["__proto__"] = value, which
replaces the prototype of result and pollutes Object.prototype for the
entire process.

Add a BLOCKED_KEYS set ({"__proto__", "constructor", "prototype"}) and
skip those keys during iteration, matching the guard already present in
deepMerge (includes.ts) via isBlockedObjectKey.

Adds four tests covering __proto__, constructor, prototype, and nested
__proto__ injection.

Co-authored-by: Clawborn <tianrun.yang103@gmail.com>
This commit is contained in:
Clawborn
2026-02-22 05:42:22 +08:00
committed by Peter Steinberger
parent 780bbbd062
commit e23c08b5f4
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/config/merge-patch.proto-pollution.test.ts Normal file
View File

@@ -0,0 +1,40 @@
import { describe, it, expect } from "vitest";
import { applyMergePatch } from "./merge-patch.js";
describe("applyMergePatch prototype pollution guard", () => {
it("ignores __proto__ keys in patch", () => {
const base = { a: 1 };
const patch = JSON.parse('{"__proto__": {"polluted": true}, "b": 2}');
const result = applyMergePatch(base, patch) as Record<string, unknown>;
expect(result.b).toBe(2);
expect(result.a).toBe(1);
expect(Object.prototype.hasOwnProperty.call(result, "__proto__")).toBe(false);
expect(({} as Record<string, unknown>).polluted).toBeUndefined();
});
it("ignores constructor key in patch", () => {
const base = { a: 1 };
const patch = { constructor: { polluted: true }, b: 2 };
const result = applyMergePatch(base, patch) as Record<string, unknown>;
expect(result.b).toBe(2);
expect(Object.prototype.hasOwnProperty.call(result, "constructor")).toBe(false);
});
it("ignores prototype key in patch", () => {
const base = { a: 1 };
const patch = { prototype: { polluted: true }, b: 2 };
const result = applyMergePatch(base, patch) as Record<string, unknown>;
expect(result.b).toBe(2);
expect(Object.prototype.hasOwnProperty.call(result, "prototype")).toBe(false);
});
it("ignores __proto__ in nested patches", () => {
const base = { nested: { x: 1 } };
const patch = JSON.parse('{"nested": {"__proto__": {"polluted": true}, "y": 2}}');
const result = applyMergePatch(base, patch) as { nested: Record<string, unknown> };
expect(result.nested.y).toBe(2);
expect(result.nested.x).toBe(1);
expect(Object.prototype.hasOwnProperty.call(result.nested, "__proto__")).toBe(false);
expect(({} as Record<string, unknown>).polluted).toBeUndefined();
});
});

6
src/config/merge-patch.ts
View File

@@ -2,6 +2,9 @@ import { isPlainObject } from "../utils.js";
type PlainObject = Record<string, unknown>;
/** Keys that must never be merged to prevent prototype-pollution attacks. */
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
type MergePatchOptions = {
mergeObjectArraysById?: boolean;
};
@@ -70,6 +73,9 @@ export function applyMergePatch(
const result: PlainObject = isPlainObject(base) ? { ...base } : {};
for (const [key, value] of Object.entries(patch)) {
if (BLOCKED_KEYS.has(key)) {
continue;
}
if (value === null) {
delete result[key];
continue;