Skip to content

fix(security): prevent prototype pollution via unsanitized config path [MEDIUM] #1558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Joshua-Medvinsky wants to merge 1 commit into
base: main
Choose a base branch
from
+46 −1
Open

fix(security): prevent prototype pollution via unsanitized config path [MEDIUM] #1558

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions nemoclaw/src/commands/migration-state.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

import { describe, it, expect, beforeEach, vi } from "vitest";
import type { PluginLogger } from "../index.js";
import { setConfigValue } from "./migration-state.js";

// ---------------------------------------------------------------------------
// fs mock — thin in-memory store keyed by absolute path
Expand Down Expand Up @@ -1417,4 +1418,37 @@ describe("commands/migration-state", () => {
}
});
});

// ── setConfigValue prototype pollution guard ─────────────────────

describe("setConfigValue", () => {
it.each(["__proto__", "constructor", "prototype"])(
"rejects unsafe path segment: %s",
(segment) => {
const doc: Record<string, unknown> = {};
expect(() => setConfigValue(doc, `${segment}.polluted`, "true")).toThrow(
/Unsafe config path segment/,
);
},
);

it("rejects __proto__ in nested position", () => {
const doc: Record<string, unknown> = {};
expect(() =>
setConfigValue(doc, `agents.__proto__.isAdmin`, "true"),
).toThrow(/Unsafe config path segment/);
});
Comment on lines +1425 to +1440
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Add nested constructor/prototype cases to match the security test plan.

Current coverage checks nested __proto__, but not nested constructor/prototype paths (for example foo.prototype.bar), which were called out in the PR objective.

Suggested test additions 
   it("rejects __proto__ in nested position", () => {
     const doc: Record<string, unknown> = {};
     expect(() =>
       setConfigValue(doc, `agents.__proto__.isAdmin`, "true"),
     ).toThrow(/Unsafe config path segment/);
   });

+  it.each(["foo.prototype.bar", "foo.constructor.bar"])(
+    "rejects unsafe segment in nested path: %s",
+    (path) => {
+      const doc: Record<string, unknown> = {};
+      expect(() => setConfigValue(doc, path, "true")).toThrow(
+        /Unsafe config path segment/,
+      );
+    },
+  );
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@nemoclaw/src/commands/migration-state.test.ts` around lines 1425 - 1440, The
tests currently check nested "__proto__" but miss nested "constructor" and
"prototype" cases; update the migration-state tests that call setConfigValue so
they also assert nested unsafe segments are rejected (e.g., add expectations
like expect(() => setConfigValue(doc, `agents.constructor.isAdmin`,
"true")).toThrow(/Unsafe config path segment/) and expect(() =>
setConfigValue(doc, `agents.prototype.isAdmin`, "true")).toThrow(/Unsafe config
path segment/)); you can either add two new it(...) blocks mirroring the
"__proto__" nested case or extend the existing it.each/array of segments used
with setConfigValue to include "constructor" and "prototype" so setConfigValue
is validated for all three unsafe segments.


it("allows legitimate dotted paths", () => {
const doc: Record<string, unknown> = {};
setConfigValue(doc, "agents.list[0].workspace", "/tmp/ws");
expect((doc as any).agents.list[0].workspace).toBe("/tmp/ws");
});

it("allows simple top-level keys", () => {
const doc: Record<string, unknown> = {};
setConfigValue(doc, "theme", "dark");
expect(doc.theme).toBe("dark");
});
});
});
13 changes: 12 additions & 1 deletion nemoclaw/src/commands/migration-state.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -588,7 +588,10 @@ function resolveConfigSourcePath(manifest: SnapshotManifest, snapshotDir: string
return path.join(snapshotDir, "openclaw", "openclaw.json");
}

function setConfigValue(
const UNSAFE_PROPERTY_NAMES = new Set(["__proto__", "constructor", "prototype"]);

/** @visibleForTesting */
export function setConfigValue(
document: Record<string, unknown>,
configPath: string,
value: string,
Expand All @@ -598,6 +601,14 @@ function setConfigValue(
throw new Error(`Invalid config path: ${configPath}`);
}

for (const token of tokens) {
if (UNSAFE_PROPERTY_NAMES.has(token)) {
throw new Error(
`Unsafe config path segment '${token}' in ${configPath}`,
);
}
}

let current: unknown = document;
for (let index = 0; index < tokens.length - 1; index += 1) {
const token = tokens[index];
Expand Down