fix: block unsafe pointer set tokens

jonluca · jonluca · commit a786bc6afc36 · 2026-06-11T10:19:05.000-07:00
diff --git a/lib/pointer.ts b/lib/pointer.ts
@@ -13,6 +13,7 @@ const slashes = /\//g;
 const tildes = /~/g;
 const escapedSlash = /~1/g;
 const escapedTilde = /~0/g;
+const unsafeSetTokens = new Set(["__proto__", "constructor", "prototype"]);
 
 /**
  * This class represents a single JSON pointer and its resolved value.
@@ -194,6 +195,8 @@ class Pointer<S extends object = JSONSchema, O extends ParserOptions<S> = Parser
       return value;
     }
 
+    assertSafeSetTokens(this.path, tokens);
+
     // Crawl the object, one token at a time
     this.value = unwrapOrThrow(obj);
     if (this.$ref.dynamicIdScope && !isAliasedResource(this.$ref)) {
@@ -372,6 +375,16 @@ function setValue(pointer: Pointer, token: string, value: JSONSchema4Type | JSON
   return value;
 }
 
+function assertSafeSetTokens(pointerPath: string, tokens: string[]) {
+  for (const token of tokens) {
+    if (unsafeSetTokens.has(token)) {
+      throw new JSONParserError(
+        `Error assigning $ref pointer "${pointerPath}". \nUnsafe JSON Pointer token "${token}" cannot be used for assignment.`,
+      );
+    }
+  }
+}
+
 function unwrapOrThrow(value: unknown) {
   if (isHandledError(value)) {
     throw value;
diff --git a/test/specs/refs.spec.ts b/test/specs/refs.spec.ts
@@ -316,5 +316,28 @@ describe("$Refs object", () => {
       $refs.set("external.yaml#/foo/bar/baz", { hello: "world" });
       expect($refs.get("external.yaml#/foo/bar/baz")).to.deep.equal({ hello: "world" });
     });
+
+    it("should reject prototype-polluting JSON Pointer path tokens", async () => {
+      const $refs = await $RefParser.resolve(path.abs("test/specs/external/external.yaml"));
+      const dangerousPaths = [
+        "external.yaml#/__proto__/polluted",
+        "external.yaml#/constructor/prototype/polluted",
+        "external.yaml#/prototype/polluted",
+      ];
+
+      for (const $ref of dangerousPaths) {
+        try {
+          $refs.set($ref, "polluted");
+          helper.shouldNotGetCalled();
+        } catch (err) {
+          expect(err).to.be.an.instanceOf(Error);
+          expect((err as Error).message).to.contain("Unsafe JSON Pointer token");
+        } finally {
+          delete (Object.prototype as Record<string, unknown>).polluted;
+        }
+
+        expect(({} as Record<string, unknown>).polluted).to.be.undefined;
+      }
+    });
   });
 });
