From 86ea35573022bbbf120e16d4999b799a1a5938ac Mon Sep 17 00:00:00 2001
From: Ruriko Araki
Date: Wed, 29 Jan 2025 09:03:10 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 3: Prototype-polluting assignment (#3845)
* Potential fix for code scanning alert no. 3: Prototype-polluting assignment
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Change files
* Fix build issue
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 ...ve-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json | 7 +++++++
 packages/framework/memo-cache/src/getCacheEntry.ts | 3 +++
 2 files changed, 10 insertions(+)
 create mode 100644 change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json
diff --git a/change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json b/change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json
new file mode 100644
index 0000000000..0f375c73ce
--- /dev/null
+++ b/change/@fluentui-react-native-memo-cache-0c1ce6d7-722e-4518-9cf5-bc2fe0e0ced9.json
@@ -0,0 +1,7 @@
+{
+ "type": "patch",
+ "comment": "Potential fix for code scanning alert no. 3: Prototype-polluting assignment",
+ "packageName": "@fluentui-react-native/memo-cache",
+ "email": "ruaraki@microsoft.com",
+ "dependentChangeType": "patch"
+}
diff --git a/packages/framework/memo-cache/src/getCacheEntry.ts b/packages/framework/memo-cache/src/getCacheEntry.ts
index 75a52c8dfc..caff5b2341 100644
--- a/packages/framework/memo-cache/src/getCacheEntry.ts
+++ b/packages/framework/memo-cache/src/getCacheEntry.ts
@@ -22,6 +22,9 @@ export type CacheEntry = {
 * @param key - which key of that entry to ensure the value for
 */
 function ensureAndReturn(entry: CacheEntry, key: keyof CacheEntry): CacheEntry | { [key: string]: CacheEntry } {
+ if ((key as string) === '__proto__' || (key as string) === 'constructor' || (key as string) === 'prototype') {
+ throw new Error('Invalid key');
+ }
 return (entry[key] = entry[key] || {});
 }
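Review bot: The added guard in `ensureAndReturn` only validates `key`, which is already typed `keyof CacheEntry`, so the three rejected names can reach it only through a cast; the string-indexed container created on the next line is still a plain `{}` that inherits from `Object.prototype`. If callers outside this hunk index the returned `{ [key: string]: CacheEntry }` map with caller-derived strings (not visible here, so this is inferred from the return type), a `__proto__` lookup on that map would still resolve to the prototype. Creating the fallback without a prototype closes that path regardless of which key is used later: `return (entry[key] = entry[key] || Object.create(null));`. The function also had no failure path before this change, so the doc comment above it should gain a `@throws` line saying it rejects `__proto__`, `constructor` and `prototype`.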