Potential fix for code scanning alert no. 3: Prototype-polluting assi…

…gnment (#3845) * Potential fix for code scanning alert no. 3: Prototype-polluting assignment Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Change files * Fix build issue --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
microsoft · Jan 29, 2025 · 86ea355 · 86ea355
1 parent 61bbb8b
commit 86ea355
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json b/change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Potential fix for code scanning alert no. 3: Prototype-polluting assignment",
+  "packageName": "@fluentui-react-native/memo-cache",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/packages/framework/memo-cache/src/getCacheEntry.ts b/packages/framework/memo-cache/src/getCacheEntry.ts
@@ -22,6 +22,9 @@ export type CacheEntry<T, TGet = any> = {
  * @param key - which key of that entry to ensure the value for
  */
 function ensureAndReturn(entry: CacheEntry<any>, key: keyof CacheEntry<any>): CacheEntry<any> | { [key: string]: CacheEntry<any> } {
+  if ((key as string) === '__proto__' || (key as string) === 'constructor' || (key as string) === 'prototype') {
+    throw new Error('Invalid key');
+  }
   return (entry[key] = entry[key] || {});
 }