tools,doc: add guards against prototype pollution when creating proxies

When defining a Proxy, the handler object could be at risk of prototype pollution when using a plain object literal:

// User-land
Object.prototype.get = () => 'Unrelated user-provided data';
// Core
const objectToProxy = { someProperty: 'genuine value' };
const proxyWithPlainObjectLiteral = new Proxy(objectToProxy, {
  has() { return false; },
});
console.log(proxyWithPlainObjectLiteral.someProperty); // Unrelated user-provided data
const proxyWithNullPrototypeObject = new Proxy(objectToProxy, {
  __proto__: null,
  has() { return false; },
});
console.log(proxyWithNullPrototypeObject.someProperty); // genuine value
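The snippet above shows the mechanism once: a Proxy looks up its traps on the handler with an ordinary property read, so a trap the handler does not define itself can be inherited from a polluted `Object.prototype`. The following is an added example, not code from the merge request or from Node.js core, that generalises the guard into a small `createSafeHandler`/`createSafeProxy` helper (hypothetical names) and a harness that simulates the pollution, compares a plain-literal handler against a null-prototype handler, and restores `Object.prototype` afterwards. The pollution is installed with `Object.defineProperty` rather than plain assignment so the simulated trap is non-enumerable and can be cleanly deleted; the Proxy trap lookup is affected the same way either way.

```javascript
'use strict';

// Added example (not from the merge request): build Proxy handlers with a
// null prototype so that any trap the handler does not define itself cannot
// be supplied by a polluted Object.prototype.

// Copy only the caller's own traps onto a handler whose prototype is null.
function createSafeHandler(traps) {
  const handler = Object.create(null);
  for (const name of Object.keys(traps)) {
    handler[name] = traps[name];
  }
  return handler;
}

// Convenience wrapper: a Proxy whose handler is pollution-resistant.
function createSafeProxy(target, traps) {
  return new Proxy(target, createSafeHandler(traps));
}

// Simulate the "user-land" pollution from the commit message (constructed for
// this example), run fn, and always restore Object.prototype afterwards so the
// pollution does not leak into the rest of the process.
function withPollutedGetTrap(fn) {
  Object.defineProperty(Object.prototype, 'get', {
    value: () => 'Unrelated user-provided data',
    configurable: true,
    writable: true,
    enumerable: false,
  });
  try {
    return fn();
  } finally {
    delete Object.prototype.get;
  }
}

// Returns what each kind of proxy reads for target.someProperty while
// Object.prototype.get is polluted.
function demonstrate() {
  const target = { someProperty: 'genuine value' };
  return withPollutedGetTrap(() => {
    // Plain object literal: the missing `get` trap is found on
    // Object.prototype, so the polluted function answers every read.
    const unsafe = new Proxy(target, { has() { return false; } });
    // Null-prototype handler: no `get` trap anywhere on the lookup chain,
    // so the read falls through to the target as intended.
    const safe = createSafeProxy(target, { has() { return false; } });
    return {
      unsafe: unsafe.someProperty,
      safe: safe.someProperty,
      // `has` is defined on both handlers, so the `in` operator is unaffected.
      unsafeHas: 'someProperty' in unsafe,
      safeHas: 'someProperty' in safe,
    };
  });
}

console.log(demonstrate());
// { unsafe: 'Unrelated user-provided data', safe: 'genuine value',
//   unsafeHas: false, safeHas: false }
```

The same reasoning applies to every trap name (`set`, `has`, `deleteProperty`, `apply`, and so on): whatever the handler does not own is resolved through its prototype chain, so a null-prototype handler is the guard, not a longer list of explicitly defined traps.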
