mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-10-11 01:59:41 +02:00
53 lines
1.6 KiB
Diff
53 lines
1.6 KiB
Diff
diff --git a/src/dagre/position/bk.js b/src/dagre/position/bk.js
|
|
index d4aabdcef2c788873b799489cf27d48aaa0a2ee6..3f4e140dfd9f8f3f365300f04c087bc648868345 100644
|
|
--- a/src/dagre/position/bk.js
|
|
+++ b/src/dagre/position/bk.js
|
|
@@ -129,13 +129,35 @@ function findOtherInnerSegmentNode(g, v) {
|
|
}
|
|
}
|
|
|
|
+/**
|
|
+ * Check if a key is safe to use as an object property to prevent prototype pollution
|
|
+ * @param {*} key - The key to check
|
|
+ * @returns {boolean} - True if the key is safe, false otherwise
|
|
+ */
|
|
+function isSafeKey(key) {
|
|
+ // Reject prototype pollution vectors
|
|
+ var isSafe = key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
|
|
+ if (!isSafe) {
|
|
+ console.log('[dagre-d3-es SECURITY] Blocked prototype pollution attempt with key:', key);
|
|
+ }
|
|
+ return isSafe;
|
|
+}
|
|
+
|
|
function addConflict(conflicts, v, w) {
|
|
+ console.log('[dagre-d3-es] addConflict called with v:', v, 'w:', w);
|
|
+
|
|
if (v > w) {
|
|
var tmp = v;
|
|
v = w;
|
|
w = tmp;
|
|
}
|
|
|
|
+ // Validate keys to prevent prototype pollution
|
|
+ if (!isSafeKey(v) || !isSafeKey(w)) {
|
|
+ console.log('[dagre-d3-es SECURITY] addConflict blocked for keys v:', v, 'w:', w);
|
|
+ return;
|
|
+ }
|
|
+
|
|
var conflictsV = conflicts[v];
|
|
if (!conflictsV) {
|
|
conflicts[v] = conflictsV = {};
|
|
@@ -149,6 +171,11 @@ function hasConflict(conflicts, v, w) {
|
|
v = w;
|
|
w = tmp;
|
|
}
|
|
+ // Validate keys to prevent prototype pollution
|
|
+ if (!isSafeKey(v) || !isSafeKey(w)) {
|
|
+ console.log('[dagre-d3-es SECURITY] hasConflict blocked for keys v:', v, 'w:', w);
|
|
+ return false;
|
|
+ }
|
|
return !!conflicts[v] && Object.prototype.hasOwnProperty.call(conflicts[v], w);
|
|
}
|
|
|