feat(NODE-6225): add property ownership check before referencing mongocryptdSpawnPath and mongocryptdSpawnArgs
#4151
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @vuusale - thanks for opening this PR. We've discussed it and would a couple of changes made here if you don't mind. 1) We'd like to change this to use |
durran
added
the
Primary Review
durran
changed the title
To prevent prototype pollution gadget, added a check to ensure that 'mongocryptSpawnPath' and 'mongocryptSpawnArgs' properties exist in 'extraOptions' object before assigning them to 'this.spawnPath' and 'this.spawnArgs', which are passed to 'spawn' function in line 53. HackerOne report: https://hackerone.com/bugs?subject=user&report_id=2522466
durran
added
Team Review
durran
changed the title
durran
changed the title
nbbeeken
approved these changes
Jul 1, 2024
nbbeeken
changed the title
mongocryptdSpawnPath and mongocryptdSpawnArgs
nbbeeken
changed the title
mongocryptdSpawnPath and mongocryptdSpawnArgsmongocryptdSpawnPath and mongocryptdSpawnArgs
nbbeeken
changed the title
mongocryptdSpawnPath and mongocryptdSpawnArgsmongocryptdSpawnPath and mongocryptdSpawnArgs
|
Dear mongodb team, thanks for approving my change! |
This was referenced Oct 3, 2024
This was referenced Oct 5, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To prevent prototype pollution gadget, added a check to ensure that 'mongocryptSpawnPath' and 'mongocryptSpawnArgs' properties exist in 'extraOptions' object before assigning them to 'this.spawnPath' and 'this.spawnArgs', which are passed to 'spawn' function in line 53.
HackerOne report: https://hackerone.com/bugs?subject=user&report_id=2522466
Description
What is changing?
Is there new documentation needed for these changes?
What is the motivation for this change?
Release Highlight
Only permit mongocryptd spawn path and arguments to be own properties
We have added some defensive programming to the options that specify spawn path and spawn arguments for
mongocryptddue to the sensitivity of the system resource they control, namely, launching a process. Now,mongocryptdSpawnPathandmongocryptdSpawnArgsmust be own properties ofautoEncryption.extraOptions. This makes it more difficult for a global prototype pollution bug related to these options to occur.Double check the following
npm run check:lintscripttype(NODE-xxxx)[!]: descriptionfeat(NODE-1234)!: rewriting everything in coffeescript