Move forbidden keys to shared array

Mrtenz · Mrtenz · commit aea7f625fe25 · 2024-12-18T15:27:28.000+01:00
diff --git a/packages/snaps-rpc-methods/jest.config.js b/packages/snaps-rpc-methods/jest.config.js
@@ -13,7 +13,7 @@ module.exports = deepmerge(baseConfig, {
       branches: 92.98,
       functions: 97.46,
       lines: 97.94,
-      statements: 97.52,
+      statements: 97.53,
     },
   },
 });
diff --git a/packages/snaps-rpc-methods/src/permitted/getState.ts b/packages/snaps-rpc-methods/src/permitted/getState.ts
@@ -15,7 +15,7 @@ import { hasProperty, isObject, type Json } from '@metamask/utils';
 
 import { manageStateBuilder } from '../restricted/manageState';
 import type { MethodHooksObject } from '../utils';
-import { StateKeyStruct } from '../utils';
+import { FORBIDDEN_KEYS, StateKeyStruct } from '../utils';
 
 const hookNames: MethodHooksObject<GetStateHooks> = {
   hasPermission: true,
@@ -164,7 +164,7 @@ export function get(
   // eslint-disable-next-line @typescript-eslint/prefer-for-of
   for (let i = 0; i < keys.length; i++) {
     const currentKey = keys[i];
-    if (['__proto__', 'constructor'].includes(currentKey)) {
+    if (FORBIDDEN_KEYS.includes(currentKey)) {
       throw rpcErrors.invalidParams(
         'Invalid params: Key contains forbidden characters.',
       );
diff --git a/packages/snaps-rpc-methods/src/permitted/setState.ts b/packages/snaps-rpc-methods/src/permitted/setState.ts
@@ -16,7 +16,7 @@ import { isObject, assert, JsonStruct, type Json } from '@metamask/utils';
 
 import { manageStateBuilder } from '../restricted/manageState';
 import type { MethodHooksObject } from '../utils';
-import { StateKeyStruct } from '../utils';
+import { FORBIDDEN_KEYS, StateKeyStruct } from '../utils';
 
 const hookNames: MethodHooksObject<SetStateHooks> = {
   hasPermission: true,
@@ -228,7 +228,7 @@ export function set(
 
   for (let i = 0; i < keys.length; i++) {
     const currentKey = keys[i];
-    if (['__proto__', 'constructor'].includes(currentKey)) {
+    if (FORBIDDEN_KEYS.includes(currentKey)) {
       throw rpcErrors.invalidParams(
         'Invalid params: Key contains forbidden characters.',
       );
diff --git a/packages/snaps-rpc-methods/src/utils.ts b/packages/snaps-rpc-methods/src/utils.ts
@@ -21,6 +21,8 @@ import { keccak_256 as keccak256 } from '@noble/hashes/sha3';
 
 const HARDENED_VALUE = 0x80000000;
 
+export const FORBIDDEN_KEYS = ['constructor', '__proto__', 'prototype'];
+
 /**
  * Maps an interface with method hooks to an object, using the keys of the
  * interface, and `true` as value. This ensures that the `methodHooks` object
