[Mapperly] Sensitive ExtraProperties leak due to ineffective filtering in single-parameter Map with [MapExtraProperties] #25485

@vxchin

Is there an existing issue for this?

  • I have searched the existing issues

Description

Using single-parameter Map with [MapExtraProperties] does not prevent sensitive/unregistered ExtraProperties keys from leaking to the destination object.

Reproduction Steps

  1. Add [MapExtraProperties] to a Mapperly mapping class.
  2. Use the single-parameter Map overload (Map(object source)).
  3. Prepare a source object with sensitive or unregistered keys in ExtraProperties.
  4. Map to destination and observe keys that should be filtered, but are present.

Expected behavior

Destination should only contain allowed/filtered keys after mapping; unwanted properties must not leak.

Actual behavior

Sensitive/filtered keys appear in destination object due to prior copy by Mapperly.

Regression?

Not a regression; has always been present in current design.

Known Workarounds

Only avoid single-parameter overload or manually clear ExtraProperties after mapping.

Version

Current dev branch (2026-05)

User Interface

Common (Default)

Database Provider

None/Others

Tiered or separate authentication server

None (Default)

Operating System

Windows (Default)

Other information

https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Mapperly/Volo/Abp/Mapperly/MapperlyAutoObjectMappingProvider.cs
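
The copy-then-filter ordering described in this issue, modelled as an added example that is not part of the original report and not ABP or Mapperly code. Plain dictionaries stand in for ExtraProperties; every name in it (`GeneratedCopy`, `FilteredMerge`, `Unexpected`, the key names and the allow-list) is hypothetical, and it assumes the filter step only adds allowed keys without removing ones already present on the destination.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data: one key that is allowed, one that must never reach the destination.
var allowed = new HashSet<string> { "DisplayName" };
var source = new Dictionary<string, object>
{
    ["DisplayName"] = "Alice",
    ["PasswordResetToken"] = "constructed-secret",
};

// Ordering described in the issue: the generated mapper copies everything first,
// then the filtered merge runs on a destination that already holds every key.
var leaky = FilteredMerge(source, GeneratedCopy(source), allowed);

// Assumed alternative ordering: start the filtered merge from an empty dictionary,
// which is what clearing ExtraProperties before the merge would amount to.
var strict = FilteredMerge(source, new Dictionary<string, object>(), allowed);

Console.WriteLine($"leaky : [{string.Join(", ", Unexpected(leaky, allowed))}]");
Console.WriteLine($"strict: [{string.Join(", ", Unexpected(strict, allowed))}]");

// Regression check: fail loudly if any key outside the allow-list survived.
if (Unexpected(strict, allowed).Count != 0)
    throw new InvalidOperationException("unfiltered ExtraProperties key on destination");

// Hypothetical stand-in for the generated mapper: copies every key.
static Dictionary<string, object> GeneratedCopy(Dictionary<string, object> src)
    => new Dictionary<string, object>(src);

// Hypothetical stand-in for the filter step: adds allowed keys, never removes existing ones.
static Dictionary<string, object> FilteredMerge(
    Dictionary<string, object> src, Dictionary<string, object> dest, HashSet<string> allow)
{
    foreach (var pair in src)
        if (allow.Contains(pair.Key))
            dest[pair.Key] = pair.Value;
    return dest;
}

// Keys on the destination that are outside the allow-list, sorted for stable output.
static List<string> Unexpected(Dictionary<string, object> dest, HashSet<string> allow)
    => dest.Keys.Where(k => !allow.Contains(k)).OrderBy(k => k).ToList();
```

The same `Unexpected` check can be pointed at a real destination object's ExtraProperties in a unit test to confirm whether a given mapping path is affected.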
