Node.js - Generic Object Injection Sink (on eslint) using FOR iteration

Asked May 18 '22 at 20:23

Active May 18 '22 at 20:23

Viewed 34 times

I have a node project and a function to find a specific object item

My code:

const filterObjectItem = (myObject, property, value) => {
    for (const prop in myObject) {
        if (prop === property) {
            for (const item in myObject[prop]) {
                if (item === value) {
                    return myObject[prop][item][0]
                }
            }
        }
    }

    return false
}

the function workingl, but I'm getting this warning when running the eslint

warning  Generic Object Injection Sink  security/detect-object-injection

does anyone have an idea how to refactor the function to solve this warnning?

asked May 18 '22 at 20:23

r31sr4r

1

Don't refactor. Ignore or remove the rule. [Issue 21](https://github.com/nodesecurity/eslint-plugin-security/issues/21#issuecomment-326031625): "*We know Object injection is pretty false positive prone*". And it doesn't even do what it advertises ("*Detects variable[key] as a left- or right-hand assignment operand.*") - there is no assignment in your code. It just complains about *every* dynamic member access. – Bergi May 18 '22 at 20:46

Node.js - Generic Object Injection Sink (on eslint) using FOR iteration

0 Answers0

Linked