🛡️ Sentinel: [HIGH] Fix prototype pollution and unvalidated property access in language selection#6

Merged
seonghobae merged 1 commit into main from sentinel-fix-prototype-pollution-18248517539117329513 on Jun 20, 2026

Conversation

@seonghobae

Contributor

🚨 Severity: HIGH
💡 Vulnerability: Object property injection/prototype pollution due to unvalidated user input (location.search and localStorage) being used directly as an object key (messages[query]).
🎯 Impact: Attackers could inject arbitrary property names (like __proto__ or constructor), potentially leading to unexpected application behavior, XSS, or application crashes when evaluating truthiness.
🔧 Fix: Replaced the unsafe property check with a strict check against an allowed list (["ko", "en"]) before using the value.
✅ Verification: Tested locally by verifying normal operations and checking that malicious query parameters (e.g. ?lang=__proto__) default correctly without errors.


PR created automatically by Jules for task 18248517539117329513 started by @seonghobae
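The lookup pattern the description refers to, as an added example that is not the project's `i18n.js`: the unsafe `messages[query]` truthiness check beside the allowlist check the PR replaced it with. `messages`, `readLangParam`, `selectLangUnsafe`, `selectLangSafe` and `lookupUnsafe` are illustrative names; the query string stands in for `location.search` (the same value could equally come from `localStorage`).

```javascript
// Constructed message table for the example; the real one lives in i18n.js.
const messages = {
  ko: { greeting: "안녕하세요" },
  en: { greeting: "Hello" },
};

// Allowed language codes, matching the PR's fix (["ko", "en"]).
const ALLOWED_LANGS = ["ko", "en"];
const DEFAULT_LANG = "en";

// Read `lang` from a query string such as "?lang=ko". Returns null when absent.
function readLangParam(search) {
  return new URLSearchParams(search).get("lang");
}

// BEFORE: any string becomes an object key. "__proto__", "constructor" or
// "toString" resolve to *inherited* properties, so the truthiness check passes
// and the injected name is accepted as a language.
function selectLangUnsafe(search) {
  const query = readLangParam(search);
  return messages[query] ? query : DEFAULT_LANG;
}

// AFTER: compare against an explicit allowlist before touching the object at
// all, so no attacker-controlled string is ever used as a property name.
function selectLangSafe(search) {
  const query = readLangParam(search);
  return ALLOWED_LANGS.includes(query) ? query : DEFAULT_LANG;
}

// Exposes what the unsafe lookup hands back for an injected key: for
// "constructor" it is the Object function, for "__proto__" it is
// Object.prototype, neither of which carries a `greeting` string.
function lookupUnsafe(search) {
  return messages[readLangParam(search)];
}
```

Run with `?lang=__proto__`: the unsafe selector returns `"__proto__"` while the safe one falls back to `"en"`, which is the behaviour the verification line above describes.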

@google-labs-jules


👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@github-actions

Contributor

OpenCode Review Overview

  • Head SHA: 568f025d15afa285caa622398db44186adaece8d
  • Workflow run: 27873194527
  • Workflow attempt: 1
  • Gate result: APPROVE (exit 0)


@opencode-agent opencode-agent Bot left a comment


OpenCode Agent approved this PR.

PR adds prototype pollution protection in i18n.js and documents the vulnerability in sentinel.md. Changes implement strict allowlist validation for language selection, preventing prototype pollution attacks while maintaining expected behavior.

  • Result: APPROVE
  • Reason: Security fix correctly implements allowlist validation and documents vulnerability
  • Head SHA: 568f025d15afa285caa622398db44186adaece8d
  • Workflow run: 27873194527
  • Workflow attempt: 1

@seonghobae seonghobae merged commit cc84e00 into main Jun 20, 2026
1 check passed