How to resolve eslint "Generic Object Injection Sink" error?

Solution 1:

You are searching for an ESLint error fix:

Here is the syntax for it:

json[`${key}`]

Example:

const obj = { 
    eventName: 'Music event', 
    landingPic: 'landing.jpg',
    eventPic0: 'pic0.jpg',
    eventPic1: 'pic1.jpg',
    eventPic2: 'pic2.jpg',
    eventPic3: 'pic3.jpg',
    artist: 'Elie'
};

// array of keys which need to be read
const arrayOfKey = ['landingPic', 'eventPic0', 'eventPic1', 'eventPic2', 'eventPic3'];

// let's read the value by a key in array
arrayOfKey.forEach( key => {
    const value = obj[`${key}`];
    console.log(value);
});

Solution 2:

What it's trying to say is that using this notation:

  • You are able to modify even prototype properties of the object, which is considered dangerous.
  • By being able to modify everything, you are also able to modify the constructor (method/function), so it may be injected and then exploited.

The subject is described analytically here, providing a simple example:

https://web.archive.org/web/20150430062816/https://blog.liftsecurity.io/2015/01/15/the-dangers-of-square-bracket-notation
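
An added example, not taken from either answer: one way to address the risk the rule describes is to resolve dynamic keys only through an allow-list plus an own-property check, or to hold fully dynamic keys in a Map. The names eventRecord, ALLOWED_KEYS, safeGet, safeSet, buildLookup and unguardedGet are hypothetical, and the sample object is constructed after the one in Solution 1.

```javascript
// Constructed sample data, modelled on the object in Solution 1.
const eventRecord = {
  eventName: 'Music event',
  landingPic: 'landing.jpg',
  eventPic0: 'pic0.jpg',
  artist: 'Elie'
};

// Hypothetical allow-list: the only keys that may be used dynamically.
const ALLOWED_KEYS = new Set(['landingPic', 'eventPic0', 'eventPic1']);

// Read a value only if the key is allow-listed AND an own property, so
// inherited names such as "constructor" or "__proto__" never resolve.
function safeGet(obj, key) {
  if (typeof key !== 'string' || !ALLOWED_KEYS.has(key)) return undefined;
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

// Write a value only for allow-listed keys; reject everything else.
function safeSet(obj, key, value) {
  if (typeof key !== 'string' || !ALLOWED_KEYS.has(key)) {
    throw new RangeError(`key not allowed: ${String(key)}`);
  }
  obj[key] = value;
  return obj;
}

// For arbitrary keys, a Map stores entries apart from the prototype chain,
// so a key named "constructor" is just data.
function buildLookup(entries) {
  return new Map(entries);
}

// Unguarded bracket access, for comparison: the template literal evaluates
// to the same string key, so inherited properties still resolve.
function unguardedGet(obj, key) {
  return obj[`${key}`];
}

console.log(safeGet(eventRecord, 'landingPic'));               // own, allowed
console.log(safeGet(eventRecord, 'constructor'));              // rejected
console.log(typeof unguardedGet(eventRecord, 'constructor'));  // inherited
```

Whether the linter still reports the guarded `obj[key]` lines depends on the rule's configuration; the guard changes what the access can reach, not what the rule pattern-matches.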