mastercontroller 1.3.25 → 1.3.26
- package/MasterControl.js +4 -19
- package/package.json +1 -1
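--- a/package/MasterControl.js
+++ b/package/MasterControl.js
@@ -146,25 +146,10 @@ class MasterControl {
 // Only freeze in production to allow for easier debugging in development
 const isProduction = process.env.NODE_ENV === 'production';
 
-
-
-
-
-Object.freeze(Array.prototype);
-Object.freeze(Function.prototype);
-
-logger.info({
-code: 'MC_SECURITY_PROTOTYPE_FROZEN',
-message: 'Prototypes frozen in production mode for security'
-});
-} catch (err) {
-logger.warn({
-code: 'MC_SECURITY_FREEZE_FAILED',
-message: 'Failed to freeze prototypes',
-error: err.message
-});
-}
-}
+// NOTE: Prototype freezing was removed. Freezing Object.prototype/Array.prototype/
+// Function.prototype breaks third-party libraries (e.g., long, mysql2) that define
+// properties on their prototypes after framework init. Prototype pollution protection
+// is handled via input validation in MasterValidator.js instead.
 
 // Add prototype pollution detection utility
 this._detectPrototypePollution = (obj) => {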
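Review bot: The context comment `// Only freeze in production to allow for easier debugging in development` and the `isProduction` constant directly above the new NOTE are kept although nothing is frozen any more, so they now describe behaviour that no longer exists; drop the comment, and drop `isProduction` as well if nothing later in the method reads it (the method starts and continues outside the hunk, so that cannot be confirmed here). The removal also takes away the runtime backstop against prototype pollution shown in this hunk, and the diffstat lists no change to MasterValidator.js in this release, so the NOTE's claim rests on validation that already existed and on every input path actually passing through it. It would help to make the NOTE say where the check runs, for example `// Pollution checks: untrusted request data must pass _detectPrototypePollution before any merge/assign (TODO confirm which entry points call it)`. Operators who alert on the `MC_SECURITY_PROTOTYPE_FROZEN` or `MC_SECURITY_FREEZE_FAILED` log codes should be told in the changelog that neither event is emitted from 1.3.26 on.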
package/package.json
CHANGED