Copilot commented on code in PR #40747:
URL: https://github.com/apache/superset/pull/40747#discussion_r3352752275
##########
superset-frontend/src/middleware/asyncEvent.ts:
##########
@@ -63,17 +63,17 @@ let config: AppConfig;
let transport: string;
let pollingDelayMs: number;
let pollingTimeoutId: number;
-let listenersByJobId: Record<string, ListenerFn>;
-let retriesByJobId: Record<string, number>;
+let listenersByJobId: Map<string, ListenerFn>;
+let retriesByJobId: Map<string, number>;
let lastReceivedEventId: string | null | undefined;
-const addListener = (id: string, fn: any) => {
- listenersByJobId[id] = fn;
+const addListener = (id: string, fn: ListenerFn) => {
+ listenersByJobId.set(id, fn);
};
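Review bot: `listenersByJobId` and `retriesByJobId` are declared here without an initialiser, and `addListener` is the only converted call site visible, so confirm that the assignment site constructs `new Map()` and that every read, increment and delete of both registries outside this hunk uses `.get`/`.has`/`.set`/`.delete`. A leftover bracket access such as `retriesByJobId[id]` would read and write properties on the Map object itself rather than its entries, which brings back the inherited-key lookups this change removes.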
Review Comment:
Consider adding a small regression test for the motivating CodeQL case
(job_id like "__proto__" / "constructor") to ensure the listener/retry
registries never regress back to prototype-bearing lookups/prototype pollution
behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
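A sketch of the regression check the review comment asks for, as an added example that is not code from the PR or from Superset. `recordRegistry`, `mapRegistry`, `probe`, `SPECIAL_IDS` and the sample job ids are hypothetical stand-ins for the object-backed and Map-backed registries in the hunk.

```typescript
// Added illustration: stand-ins for the registry shapes in the hunk.
type ListenerFn = (event: { job_id: string }) => void;
interface Registry {
  add(id: string, fn: ListenerFn): void;
  has(id: string): boolean;
  keys(): string[];
}

// "Before" shape: a plain object, so lookups fall through to Object.prototype.
function recordRegistry(): Registry {
  const listenersByJobId: Record<string, ListenerFn> = {};
  return {
    add: (id, fn) => { listenersByJobId[id] = fn; },
    has: id => Boolean(listenersByJobId[id]),
    keys: () => Object.keys(listenersByJobId),
  };
}

// "After" shape: Map keys are plain data with no inherited entries.
function mapRegistry(): Registry {
  const listenersByJobId = new Map<string, ListenerFn>();
  return {
    add: (id, fn) => { listenersByJobId.set(id, fn); },
    has: id => listenersByJobId.has(id),
    keys: () => Array.from(listenersByJobId.keys()),
  };
}

// Constructed job ids: the two named in the review comment plus one more inherited name.
const SPECIAL_IDS = ["__proto__", "constructor", "toString"];

// Returns ids reported as registered before anything was added (phantom)
// and the ids actually retained after adding every special id plus "job-1".
function probe(make: () => Registry): { phantom: string[]; stored: string[] } {
  const reg = make();
  const phantom = SPECIAL_IDS.filter(id => reg.has(id));
  const noop: ListenerFn = () => {};
  for (const id of [...SPECIAL_IDS, "job-1"]) reg.add(id, noop);
  return { phantom, stored: reg.keys() };
}

console.log("Record:", probe(recordRegistry));
console.log("Map:   ", probe(mapRegistry));
```

With the object-backed registry every special id looks registered before any listener is added, and the `__proto__` listener is never stored as a key; the Map-backed registry reports no phantom hits and keeps all four ids.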