JS: Adding model for .get function of Map in Unvalidated Dynamic Method Call #7828
| app.get('/perform/:action/:payload', function(req, res) { | ||
| let action = actions.get(req.params.action); | ||
| // GOOD: `action` is either the `play` or the `pause` function from above | ||
| if (typeof action === 'function') { |
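Review bot: the `// GOOD` comment sits before the `typeof action === 'function'` check, where `action` can still be `undefined` for a name that was never added to `actions`; the statement only holds inside the `if`. Suggest moving the comment into the guarded branch, or wording it as "`play`, `pause`, or `undefined`".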
This should not be flagged because action cannot be from proto right?
That sounds right, a call to get on a map shouldn't be able to return something from the prototype.
I've seen a bunch of get implementations that are implemented like function get(x) {return obj[x];}, but if that's the case, then the query should pick up on the dynamic property read inside the get function.
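Why a `Map` lookup differs from a plain-object lookup for the guard discussed above, as an added example that is not code from this pull request. The handler bodies, `wrapped`, `ownLookup`, `passesGuard` and the sample names are assumptions made for illustration.

```javascript
// Added example: handlers and sample names are constructed for illustration.
function play(payload) { return `playing ${payload}`; }
function pause(payload) { return `pausing ${payload}`; }

// 1. Plain object: property reads fall through to Object.prototype.
const actionsObj = { play, pause };

// 2. A custom get() wrapper around a plain object, the shape mentioned in the
//    review. It behaves exactly like reading actionsObj[name] directly.
const wrapped = { get(name) { return actionsObj[name]; } };

// 3. A real Map: get() only returns entries that were explicitly set.
const actionsMap = new Map([['play', play], ['pause', pause]]);

// 4. Plain-object lookup restricted to own properties.
function ownLookup(name) {
  return Object.prototype.hasOwnProperty.call(actionsObj, name)
    ? actionsObj[name]
    : undefined;
}

// Report which lookups would pass the `typeof action === 'function'` guard
// for a given request-controlled name.
function passesGuard(name) {
  const isFn = (v) => typeof v === 'function';
  return {
    object: isFn(actionsObj[name]),
    wrapper: isFn(wrapped.get(name)),
    map: isFn(actionsMap.get(name)),
    own: isFn(ownLookup(name)),
  };
}

// Constructed inputs: one registered action, names inherited from
// Object.prototype, and one unknown name.
for (const name of ['play', 'constructor', 'toString', 'hasOwnProperty', 'stop']) {
  console.log(name, passesGuard(name));
}
```

For inherited names such as `constructor`, the `object` and `wrapper` columns pass the guard while `map` and `own` do not, which is why the query can treat `Map.prototype.get` as safe and still needs to flag the property read inside a hand-written `get`.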
erik-krogh
left a comment
LGTM 👍
Good work!
Just two comments about the placement of the // OK comments.
…amicMethodCallGood4.js Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
…amicMethodCallGood3.js Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
And my suggestions made it so the
Ah, just realized that line numbers changed! Yes, will fix the expected files!
erik-krogh
left a comment
👍
I'll do a small evaluation to check if there is a performance regression (I highly doubt that), and then I'll merge it.
Fixes the first part of #7803
Thanks to @max-schaefer for suggesting the dataflow alternative of enhancement I proposed
Summary of changes -
`.get` function of `Map`