Skip to content

Commit

Permalink
Move forbidden keys to shared array
Browse files Browse the repository at this point in the history
  • Loading branch information
Mrtenz committed Dec 18, 2024
1 parent bafff42 commit aea7f62
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 5 deletions.
2 changes: 1 addition & 1 deletion packages/snaps-rpc-methods/jest.config.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ module.exports = deepmerge(baseConfig, {
branches: 92.98,
functions: 97.46,
lines: 97.94,
statements: 97.52,
statements: 97.53,
},
},
});
4 changes: 2 additions & 2 deletions packages/snaps-rpc-methods/src/permitted/getState.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ import { hasProperty, isObject, type Json } from '@metamask/utils';

import { manageStateBuilder } from '../restricted/manageState';
import type { MethodHooksObject } from '../utils';
import { StateKeyStruct } from '../utils';
import { FORBIDDEN_KEYS, StateKeyStruct } from '../utils';

const hookNames: MethodHooksObject<GetStateHooks> = {
hasPermission: true,
Expand Down Expand Up @@ -164,7 +164,7 @@ export function get(
// eslint-disable-next-line @typescript-eslint/prefer-for-of
for (let i = 0; i < keys.length; i++) {
const currentKey = keys[i];
if (['__proto__', 'constructor'].includes(currentKey)) {
if (FORBIDDEN_KEYS.includes(currentKey)) {
throw rpcErrors.invalidParams(
'Invalid params: Key contains forbidden characters.',
);
Expand Down
4 changes: 2 additions & 2 deletions packages/snaps-rpc-methods/src/permitted/setState.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import { isObject, assert, JsonStruct, type Json } from '@metamask/utils';

import { manageStateBuilder } from '../restricted/manageState';
import type { MethodHooksObject } from '../utils';
import { StateKeyStruct } from '../utils';
import { FORBIDDEN_KEYS, StateKeyStruct } from '../utils';

const hookNames: MethodHooksObject<SetStateHooks> = {
hasPermission: true,
Expand Down Expand Up @@ -228,7 +228,7 @@ export function set(

for (let i = 0; i < keys.length; i++) {
const currentKey = keys[i];
if (['__proto__', 'constructor'].includes(currentKey)) {
if (FORBIDDEN_KEYS.includes(currentKey)) {
throw rpcErrors.invalidParams(
'Invalid params: Key contains forbidden characters.',
);
Expand Down
2 changes: 2 additions & 0 deletions packages/snaps-rpc-methods/src/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ import { keccak_256 as keccak256 } from '@noble/hashes/sha3';

const HARDENED_VALUE = 0x80000000;

export const FORBIDDEN_KEYS = ['constructor', '__proto__', 'prototype'];

/**
* Maps an interface with method hooks to an object, using the keys of the
* interface, and `true` as value. This ensures that the `methodHooks` object
Expand Down

0 comments on commit aea7f62

Please sign in to comment.