[x] The original function was vulnerable to prototype pollution because it used the Object.keys() method to iterate over the opts object. This method returns an array of all the keys in the object, including the special proto property. If an attacker were to pass an object to the opts parameter that had a proto property, the getEffectiveOptions() function would copy this property to the options object. This would allow the attacker to control the prototype of the options object, which could lead to security vulnerabilities.
[x] The updated function prevents prototype pollution by using the for...in loop to iterate over the opts object. The for...in loop does not return the proto property, so it is not possible for an attacker to pollute the prototype of the options object.
[x] The updated function also freezes the options object after it has been created. This prevents the attacker from modifying the options object after it has been returned from the function.
enable
[x] The original function was vulnerable to prototype pollution because it used the options object as a parameter. This means that the attacker could pass an object to the enable() function that had a proto property. If the enable() function then modified the options object, the attacker could control the prototype of the options object, which could lead to security vulnerabilities.
[x] The updated function prevents prototype pollution by freezing the options object after it has been created. This prevents the attacker from modifying the options object after it has been returned from the function.
Code Changes
getEffectiveOptions
// Old code:
Object.keys(opts).forEach(function (key) {
options[key] = opts[key];
});
// New code:
for (key, value in opts) {
options[key] = value;
}
- ***enable***
```js
// Prevent prototype pollution by freezing the options object
options = Object.freeze(options);
CVE-2022-37614-Patch - Preventing prototype pollution by freezing the options object
Patch to the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-37614
Updates
getEffectiveOptions
[x] The original function was vulnerable to prototype pollution because it used the Object.keys() method to iterate over the opts object. This method returns an array of all the keys in the object, including the special proto property. If an attacker were to pass an object to the opts parameter that had a proto property, the getEffectiveOptions() function would copy this property to the options object. This would allow the attacker to control the prototype of the options object, which could lead to security vulnerabilities.
[x] The updated function prevents prototype pollution by using the for...in loop to iterate over the opts object. The for...in loop does not return the proto property, so it is not possible for an attacker to pollute the prototype of the options object.
[x] The updated function also freezes the options object after it has been created. This prevents the attacker from modifying the options object after it has been returned from the function.
enable
[x] The original function was vulnerable to prototype pollution because it used the options object as a parameter. This means that the attacker could pass an object to the enable() function that had a proto property. If the enable() function then modified the options object, the attacker could control the prototype of the options object, which could lead to security vulnerabilities.
[x] The updated function prevents prototype pollution by freezing the options object after it has been created. This prevents the attacker from modifying the options object after it has been returned from the function.
Code Changes
// New code: for (key, value in opts) { options[key] = value; }