Prototype Pollution in Flask with Basic Auth

Prototype pollution in Flask applications using HTTP Basic Authentication involves a combination of insecure object handling and weak authentication boundaries. When a Flask route deserializes user-controlled JSON, query parameters, or form data into a JavaScript-like object (e.g., via request.get_json() or custom Python-to-object merging), an attacker can inject properties such as __proto__, constructor.prototype, or other special keys. In Python, this often manifests as unexpected attribute injection on classes or global-like dictionaries used throughout the app, because Python objects allow dynamic attribute assignment.

When Basic Auth is used, the presence of authentication may create a false sense of security. Developers sometimes assume that authenticated endpoints are safe from mass assignment or injection, leading them to skip input validation or schema enforcement. In reality, Basic Auth only verifies identity; it does not constrain what data an authenticated (or unauthenticated, if the endpoint is mistakenly exposed) client can submit. An authenticated session can still send malicious JSON containing pollution payloads, and if the server merges these values into shared objects (for example, updating a global configuration dictionary with user input), the pollution persists for subsequent requests.

Consider a Flask route that updates application settings from user input after successful Basic Auth validation:

from flask import Flask, request, jsonify
from functools import wraps

app = Flask(__name__)

# Simulated shared configuration object (vulnerable to pollution)
app.config.update({
    'RATE_LIMIT': 100,
    'FEATURE_FLAG': False
})

def check_auth(username, password):
    return username == 'admin' and password == 'secret'

def authenticate():
    return jsonify({'error': 'Unauthorized'}), 401

def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        auth = request.authorization
        if not auth or not check_auth(auth.username, auth.password):
            return authenticate()
        return f(*args, **kwargs)
    return decorated

@app.route('/update-config', methods=['POST'])
@requires_auth
def update_config():
    data = request.get_json()
    # Vulnerable: merges user input directly into shared configuration
    app.config.update(data)
    return jsonify({'status': 'updated', 'config': dict(app.config)})

An authenticated attacker can send a payload like { "__proto__": { "RATE_LIMIT": 9999 }, "newKey": "polluted" }. In JavaScript environments this would affect object inheritance; in Python, depending on how app.config is used downstream, this can lead to privilege escalation or logic bypass if configuration values are trusted. More broadly, pollution can affect logging, template rendering, or downstream microservice calls where the tainted object is serialized or passed along.

The 12 security checks from middleBrick operate in parallel and would flag such issues under Property Authorization and Input Validation. Even without an agent or credentials, submitting the endpoint URL allows the scanner to detect whether user-supplied data influences object properties and whether authentication boundaries are incorrectly assumed to prevent injection.

Remediation focuses on strict input validation, avoiding shared mutable state for user data, and ensuring authentication does not bypass schema enforcement. Below is a hardened version of the earlier example that prevents prototype-style injection by rejecting dangerous keys and using a schema to whitelist allowed fields.

from flask import Flask, request, jsonify
from functools import wraps

app = Flask(__name__)

app.config.update({
    'RATE_LIMIT': 100,
    'FEATURE_FLAG': False
})

ALLOWED_CONFIG_KEYS = {'RATE_LIMIT', 'FEATURE_FLAG'}

def check_auth(username, password):
    return username == 'admin' and password == 'secret'

def authenticate():
    return jsonify({'error': 'Unauthorized'}), 401

def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        auth = request.authorization
        if not auth or not check_auth(auth.username, auth.password):
            return authenticate()
        return f(*args, **kwargs)
    return decorated

def validate_config_update(data):
    if not isinstance(data, dict):
        return False, 'Payload must be a JSON object'
    for key in data.keys():
        if key not in ALLOWED_CONFIG_KEYS:
            return False, f'Invalid configuration key: {key}'
    return True, None

@app.route('/update-config', methods=['POST'])
@requires_auth
def update_config():
    data = request.get_json(silent=True)
    if data is None:
        return jsonify({'error': 'Invalid JSON'}), 400
    is_valid, error = validate_config_update(data)
    if not is_valid:
        return jsonify({'error': error}), 400
    # Safe: only allow explicitly permitted keys
    for key in ALLOWED_CONFIG_KEYS:
        if key in data:
            app.config[key] = data[key]
    return jsonify({'status': 'updated', 'config': {k: app.config[k] for k in ALLOWED_CONFIG_KEYS}})

Additional practices include:

• Never merge raw user input into global or module-level objects; instead, validate and assign to isolated structures.
• Use a schema library (e.g., Marshmallow) to enforce types and permitted fields, rejecting any keys not explicitly defined.
• Ensure CORS and auth middleware do not inadvertently expose endpoints to unauthenticated access, as misconfiguration can weaken Basic Auth protections.
• Combine with rate limiting and monitoring; while not a direct fix for pollution, it reduces abuse surface.

middleBrick’s CLI can be used to validate remediation by scanning the endpoint after changes: middlebrick scan https://yourapp.example.com/endpoint. The dashboard and GitHub Action integrations help track security scores over time and prevent regressions in CI/CD pipelines.