From f150f79ad6c7d43e036688b1de8d6c2c8140aca9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Tue, 4 Feb 2025 12:14:51 +0100
Subject: [PATCH] fix(Google Cloud Firestore Node): Fix potential prototype pollution vulnerability (#13035)
---
 .../Firebase/CloudFirestore/GenericFunctions.ts | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/packages/nodes-base/nodes/Google/Firebase/CloudFirestore/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Firebase/CloudFirestore/GenericFunctions.ts
index 672b7d1ada..e32fcaab58 100644
--- a/packages/nodes-base/nodes/Google/Firebase/CloudFirestore/GenericFunctions.ts
+++ b/packages/nodes-base/nodes/Google/Firebase/CloudFirestore/GenericFunctions.ts
@@ -82,6 +82,8 @@ export async function googleApiRequestAllItems(
 const isValidDate = (str: string) =>
 moment(str, ['YYYY-MM-DD HH:mm:ss Z', moment.ISO_8601], true).isValid();
 
+const protoKeys = ['__proto__', 'prototype', 'constructor'];
+
 // Both functions below were taken from Stack Overflow jsonToDocument was fixed as it was unable to handle null values correctly
 // https://stackoverflow.com/questions/62246410/how-to-convert-a-firestore-document-to-plain-json-and-vice-versa
 // Great thanks to https://stackoverflow.com/users/3915246/mahindar
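Review bot: `protoKeys` is added without a comment, and nothing at this spot says that fields with these names are left out of the data written to Firestore. A line such as `// Keys skipped when copying user-supplied objects, to prevent prototype pollution; fields with these names are not sent` would document both the purpose and the side effect. The comment just below says both conversion functions came from the same source, yet only jsonToDocument is changed in this patch; the reverse converter is not visible here, so it is worth confirming whether it copies keys from a fetched document into a plain object in the same way.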
@@ -104,10 +106,11 @@ export function jsonToDocument(value: string | number | IDataObject | IDataObjec
 } else if (value && value.constructor === Array) {
 return { arrayValue: { values: value.map((v) => jsonToDocument(v)) } };
 } else if (typeof value === 'object') {
- const obj = {};
- for (const o of Object.keys(value)) {
- //@ts-ignore
- obj[o] = jsonToDocument(value[o] as IDataObject);
+ const obj: IDataObject = {};
+ for (const key of Object.keys(value)) {
+ if (value.hasOwnProperty(key) && !protoKeys.includes(key)) {
+ obj[key] = jsonToDocument((value as IDataObject)[key] as IDataObject);
+ }
 }
 return { mapValue: { fields: obj } };
 }
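Review bot: `value.hasOwnProperty(key)` in the added guard is looked up on the input object itself, so a document that has its own field named `hasOwnProperty`, or an object created without a prototype, makes the call throw instead of being converted, which the old loop did not do. `Object.keys` already returns only own enumerable keys, so the check can be dropped, or written as `Object.prototype.hasOwnProperty.call(value, key)`. Fields named `constructor` or `prototype` are now dropped silently; a comment saying this is deliberate, or creating `obj` with `Object.create(null)` so that no key has to be skipped, would make the trade-off explicit. jsonToDocument starts outside the hunk and appears to continue past it.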