From 5822e3778aa754e058cf3e8c6b2d3178181a9200 Mon Sep 17 00:00:00 2001
From: Andreas Loew
Date: Thu, 31 Oct 2024 14:52:34 +0100
Subject: [PATCH] Fix code scanning alert no. 2: Prototype-polluting function

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 projects/ngx-translate/src/lib/util.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/projects/ngx-translate/src/lib/util.ts b/projects/ngx-translate/src/lib/util.ts
index 24fc21f..9c8cd37 100644
--- a/projects/ngx-translate/src/lib/util.ts
+++ b/projects/ngx-translate/src/lib/util.ts
@@ -147,6 +147,11 @@ export function setValue(target: any, key: string, value: any): void {
 for (let i = 0; i < keys.length; i++) {
 const key = keys[i];
 
+ // Skip dangerous properties to prevent prototype pollution
+ if (key === '__proto__' || key === 'constructor') {
+ continue;
+ }
+
 // If we're at the last key, set the value
 if (i === keys.length - 1) {
 current[key] = value;
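Review bot: The `continue` in the added guard drops only the dangerous segment and keeps walking the remaining keys, so a path such as `a.__proto__.b` is not rejected; assuming the non-final branch descends into `current[key]`, the value would be written silently to `a.b` instead. Rejecting the whole path before the loop is easier to reason about, for example `if (keys.some(k => k === '__proto__' || k === 'constructor' || k === 'prototype')) { return; }`, where `prototype` is added as defence in depth. The rest of the loop body, including how intermediate objects are read or created, lies outside the hunk, so it is worth confirming that it does not follow inherited properties when descending. A unit test that calls `setValue` with a `__proto__` path and asserts that a fresh `{}` gained no property would pin the fix.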