fix(HTTP Request Node): Fix prototype pollution vulnerability (#15463)

2025-12-16 17:46:45 +00:00 · 2025-05-20 15:39:33 +02:00
parent 8d1170e3dd
commit 1ffc33dcc6
6 changed files with 65 additions and 9 deletions
--- a/packages/workflow/test/utils.test.ts
+++ b/packages/workflow/test/utils.test.ts
@@ -9,6 +9,8 @@ import {
 	randomInt,
 	randomString,
 	hasKey,
+	isSafeObjectProperty,
+	setSafeObjectProperty,
 } from '@/utils';

 describe('isObjectEmpty', () => {
@@ -366,3 +368,29 @@ describe('hasKey', () => {
 		}
 	});
 });
+
+describe('isSafeObjectProperty', () => {
+	it.each([
+		['__proto__', false],
+		['prototype', false],
+		['constructor', false],
+		['getPrototypeOf', false],
+		['safeKey', true],
+		['anotherKey', true],
+		['toString', true],
+	])('should return %s for key "%s"', (key, expected) => {
+		expect(isSafeObjectProperty(key)).toBe(expected);
+	});
+});
+
+describe('setSafeObjectProperty', () => {
+	it.each([
+		['safeKey', 123, { safeKey: 123 }],
+		['__proto__', 456, {}],
+		['constructor', 'test', {}],
+	])('should set property "%s" safely', (key, value, expected) => {
+		const obj: Record<string, unknown> = {};
+		setSafeObjectProperty(obj, key, value);
+		expect(obj).toEqual(expected);
+	});
+});