fix(HTTP Request Node): Fix prototype pollution vulnerability (#15463)

Elias Meire
2025-05-20 15:39:33 +02:00
committed by GitHub
parent 8d1170e3dd
commit 1ffc33dcc6
6 changed files with 65 additions and 9 deletions


@@ -7,7 +7,7 @@ import type {
IHttpRequestMethods,
IRequestOptions,
} from 'n8n-workflow';
import { NodeApiError } from 'n8n-workflow';
import { isSafeObjectProperty, NodeApiError } from 'n8n-workflow';
import { getGoogleAccessToken } from '../../GenericFunctions';
@@ -82,8 +82,6 @@ export async function googleApiRequestAllItems(
const isValidDate = (str: string) =>
moment(str, ['YYYY-MM-DD HH:mm:ss Z', moment.ISO_8601], true).isValid();
const protoKeys = ['__proto__', 'prototype', 'constructor'];
// Both functions below were taken from Stack Overflow jsonToDocument was fixed as it was unable to handle null values correctly
// https://stackoverflow.com/questions/62246410/how-to-convert-a-firestore-document-to-plain-json-and-vice-versa
// Great thanks to https://stackoverflow.com/users/3915246/mahindar
@@ -108,7 +106,7 @@ export function jsonToDocument(value: string | number | IDataObject | IDataObjec
} else if (typeof value === 'object') {
const obj: IDataObject = {};
for (const key of Object.keys(value)) {
if (value.hasOwnProperty(key) && !protoKeys.includes(key)) {
if (value.hasOwnProperty(key) && isSafeObjectProperty(key)) {
obj[key] = jsonToDocument((value as IDataObject)[key] as IDataObject);
}
}
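Review bot: In the key loop of jsonToDocument, `value.hasOwnProperty(key)` is still resolved on the input object itself, so an input that carries its own `hasOwnProperty` key shadows the built-in, and a non-function value there throws before `isSafeObjectProperty` is ever consulted. Because `Object.keys(value)` already returns only own enumerable keys, the check can be dropped, or written as `if (Object.prototype.hasOwnProperty.call(value, key) && isSafeObjectProperty(key)) {`. Keys the filter rejects are skipped silently; a comment such as `// keys rejected by isSafeObjectProperty are dropped, not reported` would make that behaviour visible, and since the helper's key list is not shown here it should be confirmed to cover at least what the removed `protoKeys` array did. jsonToDocument begins and ends outside this hunk.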