Objective: DoS, Data Leak, or Code Execution
Attacker's Goal:
DoS, Data Leak, or Code Execution
|
-----------------------------------------------------------------
| |
!!!1.1!!! Resource Exhaustion !!!3.1!!! Prototype Pollution via
`_transform` or `_construct`
| |
----------------- -----------------
| |
***1.1.1*** Uncontrolled Data Flow (High Volume) ***3.1.1*** Injecting Malicious Properties
Attack Tree Path: !!!1.1!!! Resource Exhaustion (Critical Node)
-
Description: This node represents attacks that aim to deplete the application's resources (memory, CPU, etc.), leading to a Denial of Service. It's a critical node because resource exhaustion is a common and effective attack vector.
-
Likelihood: High (Overall category)
-
Impact: High (Can completely halt the application)
-
Effort: Varies (Depends on the specific sub-attack)
-
Skill Level: Varies (Depends on the specific sub-attack)
-
Detection Difficulty: Medium (Requires monitoring resource usage)
- 1.1.1 Uncontrolled Data Flow (High Volume) (High-Risk Path)
- Description: The attacker sends a large volume of data to the stream faster than the consumer can process it. This overwhelms the buffering mechanisms and leads to resource exhaustion. This is often due to a lack of proper backpressure implementation.
- Likelihood: High (Common if backpressure isn't handled)
- Impact: High (Can completely halt the application)
- Effort: Low (Easy to send a lot of data)
- Skill Level: Novice
- Detection Difficulty: Medium (Requires monitoring resource usage)
- Mitigation:
- Implement proper flow control using
highWaterMark. - Use
readable.push(null)when the consumer is overwhelmed. - Monitor memory and CPU usage.
- Consider rate limiting at the input source.
- Use
pipelineorpipewith error handling.
- Implement proper flow control using
- 1.1.1 Uncontrolled Data Flow (High Volume) (High-Risk Path)
-
Description: This node represents attacks that exploit vulnerabilities in how
TransformorWritablestreams handle input data, specifically targeting the_transformor_constructmethods. Successful prototype pollution can lead to arbitrary code execution. -
Likelihood: Medium (Overall category)
-
Impact: Very High (Full code execution)
-
Effort: Varies (Depends on the specific sub-attack)
-
Skill Level: Varies (Depends on the specific sub-attack)
-
Detection Difficulty: Hard (Requires static analysis or specific testing)
- 3.1.1 Injecting Malicious Properties (High-Risk Path)
- Description: The attacker provides input data containing specially crafted objects with properties like
__proto__,constructor, orprototype. If the_transformor_constructmethods don't properly sanitize this input, these properties can pollute the object prototype, leading to unexpected behavior and, ultimately, arbitrary code execution. - Likelihood: Medium (If input isn't sanitized)
- Impact: Very High (Full code execution)
- Effort: Medium
- Skill Level: Advanced
- Detection Difficulty: Hard (Requires static analysis or specific testing)
- Mitigation:
- Crucially, sanitize all input data before using it within
_transformand_construct. - Use safe object creation methods (e.g.,
Object.create(null)). - Avoid using user-supplied data directly as object keys without validation.
- Use a linter that detects potential prototype pollution vulnerabilities.
- Crucially, sanitize all input data before using it within
- Description: The attacker provides input data containing specially crafted objects with properties like
- 3.1.1 Injecting Malicious Properties (High-Risk Path)