Skip to content

Commit

Permalink
validate dynamic method call
Browse files Browse the repository at this point in the history
  • Loading branch information
@dbauszus-glx
dbauszus-glx committed Oct 26, 2023
1 parent ab33364 commit a6c431f
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions mod/workspace/getTemplate.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,12 @@ module.exports = async (template) => {
return template
}

const response = Object.hasOwn(getFrom, template.src.split(':')[0])
&& await getFrom[template.src.split(':')[0]](template.src)
let reponse;

if (Object.hasOwn(getFrom, template.src.split(':')[0])) {

response = await getFrom[template.src.split(':')[0]](template.src)

Check failure

Code scanning / CodeQL

Unvalidated dynamic method call High

Invocation of method with
user-controlled
Loading
name may dispatch to unexpected target and cause an exception.
}

if (response instanceof Error) {

Expand Down

0 comments on commit a6c431f

Please sign in to comment.