Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Google Cloud Firestore Node): Fix potential prototype pollution vulnerability #13035

Merged
merged 1 commit into from
Feb 4, 2025
Merged

fix(Google Cloud Firestore Node): Fix potential prototype pollution vulnerability #13035

merged 1 commit into from
Feb 4, 2025

Conversation

netroy
Copy link
Member

@netroy netroy commented Feb 4, 2025
edited
Loading

Summary

Code like this, that copies over data between objects, should skip copying over prototype related properties.

Related Linear tickets, Github issues, and Community forum posts

N8N-8102

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

@codecov Codecov
Copy link

codecov bot commented Feb 4, 2025

Codecov Report

Attention: Patch coverage is 0% with 5 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...Google/Firebase/CloudFirestore/GenericFunctions.ts 0.00% 5 Missing ⚠️

📢 Thoughts on this report? Let us know!

@n8n-assistant n8n-assistant bot added n8n team Authored by the n8n team node/improvement New feature or request labels Feb 4, 2025
tomi
tomi approved these changes Feb 4, 2025
View reviewed changes
Copy link
Collaborator

@tomi tomi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 4, 2025

✅ All Cypress E2E specs passed

@cypress Cypress
Copy link

cypress bot commented Feb 4, 2025

n8n    Run #9103

Run Properties:  status check passed Passed #9103  •  git commit 6504cf13c2: 🌳 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Project n8n
Branch Review fix-N8N-8102-prototype-pollution
Run status status check passed Passed #9103
Run duration 04m 24s
Commit git commit 6504cf13c2: 🌳 🖥️ browsers:node18.12.0-chrome107 🤖 netroy 🗃️ e2e/*
Committer कारतोफ्फेलस्क्रिप्ट™
View all properties for this run ↗︎
Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 1
Tests that did not run due to a developer annotating a test with .skip  Pending 5
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 433
View all changes introduced in this branch ↗︎

@netroy netroy merged commit f150f79 into master Feb 4, 2025
38 checks passed
@netroy netroy deleted the fix-N8N-8102-prototype-pollution branch February 4, 2025 11:14
riascho pushed a commit that referenced this pull request Feb 5, 2025
@netroy @riascho
fix(Google Cloud Firestore Node): Fix potential prototype pollution v…
e5361b0 
…ulnerability (#13035)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomi tomi tomi approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team node/improvement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@netroy @tomi