How to fix Codacy alert "Generic Object Injection Sink"

3

9

Below is my code. I don't think there is any problem.

How can I fool Codacy? If I can't use obj[key], then what the hell is this thing? There is no way I can avoid [].

handleClick = (e, titleProps) => {
    const { index } = titleProps
    const newVal = this.state.activeIndexObj[index] ? false : true
    let activeIndexObj = { ...this.state.activeIndexObj }
    activeIndexObj[index] = newVal
    // Codacy flags the line above: Generic Object Injection Sink (security/detect-object-injection)
}
Unsightly answered 6/8, 2018 at 21:5 Comment(2)
Possible duplicate of Why is it bad pratice calling an array index with a variable? - Harriet
Please keep the comments respectful, @NicolasS.Xu - Jevon
25

You just need to parse index into an integer:

activeIndexObj[parseInt(index)] = newVal

There is a chance that a hacker may inject a function or prototype chaining, so that's why this security error comes up.

Camphorate answered 16/4, 2019 at 6:8 Comment(2)
You're amazing! Brilliant idea - Borrero
Unfortunately this brings a TypeScript error: TS2345: Argument of type 'number' is not assignable to parameter of type 'string'. My index is of type number, but the security error is thrown. - Schliemann
1

If it's a number, like i here, try this:

 ranges[`${i}`]
Scalenus answered 27/10, 2023 at 16:39 Comment(1)
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. - Upstroke
0

The question linked in the comment by @luca (Why is it bad pratice calling an array index with a variable?) explains the problem with using a variable to access an array index. It's a security question.

If you allow a non-validated input to be used as an array index, your application may crash. Even if you validate the index, it's a matter of time until you refactor the code and the validation is skipped. Hence the recommendation to avoid such code. One recommended solution is to use a Map: https://mcmap.net/q/729680/-why-is-it-bad-pratice-calling-an-array-index-with-a-variable

If you don't wanna know about this problem, it is possible to ignore the issue in the Codacy UI: https://support.codacy.com/hc/en-us/articles/207279979-Issues#2-remove-pattern

Jevon answered 7/8, 2018 at 8:45 Comment(2)
The answer in "Why is it bad practice calling an array index with a variable" does not make sense at all. I think the answer is wrong. - Unsightly
Well, in the Codacy UI there are links explaining the issue, have a look by yourself: github.com/nodesecurity/… - Jevon
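
What the flagged pattern does when the key names an inherited property, next to the Map form recommended in the answer above, as an added example that is not part of the original posts. The function names and sample keys are constructed for illustration, and the validated variant assumes indexes are non-negative integers.

```javascript
// Added example: function names and sample keys are illustrative.

// The pattern from the question: toggle a flag stored under a caller-supplied key.
function toggleWithObject(state, index) {
  const next = { ...state };
  // Reading state[index] also walks the prototype chain, so a key such as
  // "constructor" looks "already set" on an empty object.
  next[index] = !state[index];
  return next;
}

// Map-based form: keys are plain data, never property names, so nothing
// inherited is visible through get().
function toggleWithMap(state, index) {
  const next = new Map(state);
  next.set(index, !state.get(index));
  return next;
}

// Keeping a plain object: accept only canonical non-negative integers.
// (Assumption: indexes are small integers, as in the question.)
function toggleValidated(state, index) {
  const s = String(index);
  if (!/^(0|[1-9]\d*)$/.test(s)) {
    throw new RangeError(`invalid index: ${s}`);
  }
  const n = Number(s);
  return { ...state, [n]: !state[n] };
}

// Constructed sample keys: one expected index and two inherited names.
for (const key of [0, 'constructor', '__proto__']) {
  const obj = toggleWithObject({}, key);
  const map = toggleWithMap(new Map(), key);
  console.log(String(key),
    '| object own keys:', Object.keys(obj),
    '| own value:', Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : '(none)',
    '| map value:', map.get(key));
}
```

With the plain object, the first toggle of "constructor" stores false instead of true, and the toggle of "__proto__" is dropped without an error; the Map stores true for both.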
