Skip to content

Latest commit

 

History

History
28 lines (23 loc) · 2.41 KB

threat-modeling.md

File metadata and controls

28 lines (23 loc) · 2.41 KB

Threat Model Analysis for ljharb/qs

Threat: Prototype Pollution via Query String Manipulation

  • Description: An attacker crafts a malicious query string containing prototype pollution payloads (e.g., __proto__, constructor.prototype). When qs parses this query string, it can inject properties into the JavaScript Object prototype. This can lead to unexpected application behavior, potentially allowing for code execution or data manipulation if the application interacts with the polluted prototype.
  • Impact: Prototype pollution, potential code execution, application compromise, data manipulation, Cross-Site Scripting (XSS) vulnerabilities.
  • Affected QS Component: Parsing module, specifically the object parsing logic and handling of property names.
  • Risk Severity: High to Critical (if using vulnerable qs versions).
  • Mitigation Strategies:
    • Immediately update qs library to version 6.5.2 or later.
    • Use Object.create(null) when processing data parsed by qs, especially for sensitive operations.
    • Sanitize and validate query string parameters to prevent injection of malicious property names.
    • Implement Content Security Policy (CSP) to mitigate potential XSS exploitation.
    • Conduct regular security audits and penetration testing.

Threat: Complex Query String Parsing DoS

  • Description: An attacker crafts a deeply nested or highly complex query string and sends it to the application. The qs library, when parsing this malicious query, consumes excessive server resources (CPU, memory), leading to slow response times or service unavailability for legitimate users.
  • Impact: Denial of Service, application performance degradation, service unavailability.
  • Affected QS Component: Parsing module, specifically the parsing logic for nested objects and arrays.
  • Risk Severity: High (in specific scenarios and older qs versions).
  • Mitigation Strategies:
    • Update qs library to the latest version.
    • Implement input validation to limit the depth and complexity of query strings.
    • Configure web server request limits (e.g., request size, header size).
    • Implement rate limiting to restrict requests from single IPs.
    • Monitor server resource usage and set up alerts for unusual spikes.