Fix code scanning alert no. 307: Prototype-polluting assignment

AbhiPrasad · github-advanced-security[bot] · web-flow · commit f08906c93fad · 2024-10-28T17:32:54.000-04:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/packages/aws-serverless/src/sdk.ts b/packages/aws-serverless/src/sdk.ts
@@ -168,6 +168,12 @@ export function tryPatchHandler(taskRoot: string, handlerPath: string): void {
     return;
   }
 
+  // Check for prototype pollution
+  if (functionName === '__proto__' || functionName === 'constructor' || functionName === 'prototype') {
+    DEBUG_BUILD && logger.error(`Invalid handler name: ${functionName}`);
+    return;
+  }
+
   // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
   (mod as HandlerModule)[functionName!] = wrapHandler(obj);
 }

Original file line number	Diff line number	Diff line change
`@@ -168,6 +168,12 @@ export function tryPatchHandler(taskRoot: string, handlerPath: string): void {`
`168`	`168`	`return;`
`169`	`169`	`}`
`170`	`170`
	`171`	`+ // Check for prototype pollution`
	`172`	`+ if (functionName === '__proto__' \|\| functionName === 'constructor' \|\| functionName === 'prototype') {`
	`173`	+ DEBUG_BUILD && logger.error(`Invalid handler name: ${functionName}`);
	`174`	`+ return;`
	`175`	`+ }`
	`176`	`+`
`171`	`177`	`// eslint-disable-next-line @typescript-eslint/no-non-null-assertion`
`172`	`178`	`(mod as HandlerModule)[functionName!] = wrapHandler(obj);`
`173`	`179`	`}`