From 0727defaae0a9a183f82e0bd03d3fe8fc16ff809 Mon Sep 17 00:00:00 2001
From: ptaindia
Date: Fri, 5 Dec 2025 12:26:09 +0530
Subject: [PATCH] feat: add enhanced exploit detection patterns for CVE-2025-55182

Add two new detection patterns based on analysis of public PoC exploits:
- then_pollution: Detects Object.prototype.then pollution attempts
- prefix_injection: Detects _prefix property injection in payloads
These patterns strengthen runtime protection against CVE-2025-55182 exploit techniques documented in recent security research.
---
 src/middleware/detector.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/middleware/detector.ts b/src/middleware/detector.ts
index 6baeb5f..5dad2ed 100644
--- a/src/middleware/detector.ts
+++ b/src/middleware/detector.ts
@@ -29,6 +29,20 @@ const EXPLOIT_PATTERNS = [
 severity: 'high' as const,
 description: 'Prototype pollution attempt',
 },
+ // Object.prototype.then pollution (CVE-2025-55182 exploit technique)
+ {
+ name: 'then_pollution',
+ pattern: /prototype\s*\.\s*then|\.then\s*=/i,
+ severity: 'high' as const,
+ description: 'Object.prototype.then pollution attempt',
+ },
+ // _prefix property injection (CVE-2025-55182 exploit technique)
+ {
+ name: 'prefix_injection',
+ pattern: /"_prefix"\s*:/i,
+ severity: 'high' as const,
+ description: 'Potential _prefix property injection',
+ },
 // Malformed module references
 {
 name: 'malformed_module_ref',
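Review bot: The second alternative of the `then_pollution` pattern, `\.then\s*=`, also matches ordinary comparisons such as `.then ===` in a thenable check, so request text containing such code would be reported at severity `high`; a negative lookahead keeps assignments and drops comparisons: `pattern: /prototype\s*\.\s*then|\.then\s*=(?!=)/i,`. Both new patterns match raw text, and `"_prefix"\s*:` will also flag any legitimate payload that carries a `_prefix` field, so each entry would benefit from a comment stating the expected false positives, e.g. `// matches the JSON key "_prefix" anywhere in the body; benign payloads using this key will also match`. How `severity` drives blocking is not visible here, and EXPLOIT_PATTERNS starts and ends outside the hunk, so the impact of a false positive should be confirmed against the code that consumes these entries.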