Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GHAS. Fix Prototype-polluting assignment. Core #19376

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

GHAS. Fix Prototype-polluting assignment. Core #19376

wants to merge 1 commit into from

Conversation

giancorderoortiz
Copy link
Contributor

Fixes https://github.com/SAP/spartacus/security/code-scanning/21

To fix the prototype pollution issue, we need to ensure that productCode cannot be set to special properties like __proto__, constructor, or prototype. This can be achieved by validating the productCode before using it as a key in the products object.

Steps to fix:

  1. Validation: Add a validation step to check if productCode is one of the special properties.
  2. Error Handling: If productCode is invalid, handle the error appropriately (e.g., by returning an error response or throwing an exception).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@giancorderoortiz @github-advanced-security
Fix code scanning alert no. 21: Prototype-polluting assignment
99caaed 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@giancorderoortiz giancorderoortiz changed the title Fix code scanning alert no. 21: Prototype-polluting assignment GHAS. Fix Prototype-polluting assignment. Core Oct 9, 2024
@giancorderoortiz giancorderoortiz marked this pull request as ready for review October 9, 2024 21:33
@giancorderoortiz giancorderoortiz requested a review from a team as a code owner October 9, 2024 21:33
@cypress Cypress
Copy link

cypress bot commented Oct 9, 2024

spartacus    Run #45223

Run Properties:  status check passed Passed #45223  •  git commit 2f0c43b6cf ℹ️: Merge 99caaed8fe7fcad25cb27fe016d5e996d7e82ba3 into 9de45d0a4462d8495c7ab460fae6...
Project spartacus
Run status status check passed Passed #45223
Run duration 13m 16s
Commit git commit 2f0c43b6cf ℹ️: Merge 99caaed8fe7fcad25cb27fe016d5e996d7e82ba3 into 9de45d0a4462d8495c7ab460fae6...
Committer Giancarlo Cordero Ortiz
View all properties for this run ↗︎
Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 4
Tests that did not run due to a developer annotating a test with .skip  Pending 2
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 125
⚠️ You've recorded test results over your free plan limit.
Upgrade your plan to view test results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@giancorderoortiz