fix(provider-utils): prevent unicode escape bypass in secureJsonParse (#13079)

gr2m · claude · web-flow · commit 824b2956d0da · 2026-03-05T00:04:38.000Z
## Summary - Update `secureJsonParse` regex patterns to detect unicode-escaped variants of `__proto__` and `constructor` keys, preventing prototype pollution bypass - Aligns with the upstream fix in [fastify/secure-json-parse](https://github.com/fastify/secure-json-parse) - Add regression tests for partial and fully unicode-escaped key variants ## Security Resolves VULN-774. The previous regex fast-path only matched literal `"__proto__"` and `"constructor"` strings. Unicode escapes (e.g., `\u005f\u005fproto__`) bypassed the regex gate, skipping the `filter()` safety check, while `JSON.parse` still normalized them into dangerous keys. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/.changeset/silver-moles-roll.md b/.changeset/silver-moles-roll.md
@@ -0,0 +1,5 @@
+---
+'@ai-sdk/provider-utils': patch
+---
+
+fix(provider-utils): prevent unicode escape bypass in secureJsonParse
diff --git a/packages/provider-utils/src/secure-json-parse.test.ts b/packages/provider-utils/src/secure-json-parse.test.ts
@@ -43,6 +43,18 @@ describe('secureJsonParse', () => {
     expect(secureJsonParse('"X"')).toStrictEqual(JSON.parse('"X"'));
   });
 
+  it('allows constructor property with non-object value', () => {
+    expect(secureJsonParse('{ "constructor": "string value" }')).toStrictEqual({
+      constructor: 'string value',
+    });
+  });
+
+  it('allows constructor property with null value', () => {
+    expect(secureJsonParse('{ "constructor": null }')).toStrictEqual({
+      constructor: null,
+    });
+  });
+
   it('errors on constructor property', () => {
     const text =
       '{ "a": 5, "b": 6, "constructor": { "x": 7 }, "c": { "d": 0, "e": "text", "__proto__": { "y": 8 }, "f": { "g": 2 } } }';
@@ -56,4 +68,27 @@ describe('secureJsonParse', () => {
 
     expect(() => secureJsonParse(text)).toThrow(SyntaxError);
   });
+
+  it('errors on unicode-escaped __proto__ property', () => {
+    const text = '{ "\\u005f\\u005fproto__": { "isAdmin": true } }';
+    expect(() => secureJsonParse(text)).toThrow(SyntaxError);
+  });
+
+  it('errors on fully unicode-escaped __proto__ property', () => {
+    const text =
+      '{ "\\u005f\\u005f\\u0070\\u0072\\u006f\\u0074\\u006f\\u005f\\u005f": { "isAdmin": true } }';
+    expect(() => secureJsonParse(text)).toThrow(SyntaxError);
+  });
+
+  it('errors on unicode-escaped constructor property', () => {
+    const text =
+      '{ "\\u0063\\u006fnstructor": { "prototype": { "isAdmin": true } } }';
+    expect(() => secureJsonParse(text)).toThrow(SyntaxError);
+  });
+
+  it('errors on fully unicode-escaped constructor property', () => {
+    const text =
+      '{ "\\u0063\\u006f\\u006e\\u0073\\u0074\\u0072\\u0075\\u0063\\u0074\\u006f\\u0072": { "prototype": { "isAdmin": true } } }';
+    expect(() => secureJsonParse(text)).toThrow(SyntaxError);
+  });
 });
diff --git a/packages/provider-utils/src/secure-json-parse.ts b/packages/provider-utils/src/secure-json-parse.ts
@@ -21,8 +21,10 @@
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-const suspectProtoRx = /"__proto__"\s*:/;
-const suspectConstructorRx = /"constructor"\s*:/;
+const suspectProtoRx =
+  /"(?:_|\\u005[Ff])(?:_|\\u005[Ff])(?:p|\\u0070)(?:r|\\u0072)(?:o|\\u006[Ff])(?:t|\\u0074)(?:o|\\u006[Ff])(?:_|\\u005[Ff])(?:_|\\u005[Ff])"\s*:/;
+const suspectConstructorRx =
+  /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/;
 
 function _parse(text: string) {
   // Parse normally
@@ -58,6 +60,8 @@ function filter(obj: any) {
 
       if (
         Object.prototype.hasOwnProperty.call(node, 'constructor') &&
+        node.constructor !== null &&
+        typeof node.constructor === 'object' &&
         Object.prototype.hasOwnProperty.call(node.constructor, 'prototype')
       ) {
         throw new SyntaxError('Object contains forbidden prototype property');

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@ai-sdk/provider-utils': patch
 +---
++
 +fix(provider-utils): prevent unicode escape bypass in secureJsonParse