bito-code-review[bot] commented on PR #40747: URL: https://github.com/apache/superset/pull/40747#issuecomment-4617930435
The pull request already addresses the prototype pollution risk by migrating `listenersByJobId` and `retriesByJobId` from plain objects (`Record<string, ...>`) to `Map<string, ...>`. Using `Map` ensures that lookups are safe from prototype-bearing keys like `__proto__` or `constructor`, as `Map` does not inherit from `Object.prototype` in the same way. Adding a regression test is a good practice to verify this behavior; you can create a test case that attempts to register or process a job with the ID `"__proto__"` and asserts that the listener or retry count is stored correctly within the map without affecting the prototype chain.

**superset-frontend/src/middleware/asyncEvent.ts**

```
-let listenersByJobId: Record<string, ListenerFn>;
-let retriesByJobId: Record<string, number>;
+let listenersByJobId: Map<string, ListenerFn>;
+let retriesByJobId: Map<string, number>;
```

-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
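Review bot: the hunk changes only the two type declarations, so the initialisation and every access site are out of view; `let listenersByJobId: Map<string, ListenerFn>` needs `new Map()` where the old `{}` was assigned, and each `listenersByJobId[jobId]` / `retriesByJobId[jobId]` read or write must become `.get()` / `.set()` / `.delete()`, because bracket access on a `Map` just reads and writes ordinary properties and would reintroduce the prototype-keyed lookups the migration is meant to remove. Worth confirming those call sites are covered elsewhere in the PR.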
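To show concretely what the migration fixes and what the suggested `"__proto__"` regression test should assert, here is an added example (not Superset's code; the `ListenerFn` type, the two registry classes and the `prototypeKeyRegression` helper are assumptions modelled on the declarations in the diff). With a plain object, an unregistered id such as `constructor` still resolves to a function inherited from `Object.prototype`, and a retry counter stored under `__proto__` is silently dropped; the `Map` version treats both as ordinary keys.

```typescript
type ListenerFn = (data: unknown) => void;

// Common shape so the same regression check runs against both registries.
interface JobRegistry {
  addListener(jobId: string, fn: ListenerFn): void;
  hasListener(jobId: string): boolean;
  bumpRetries(jobId: string): number;
  retryCount(jobId: string): number | undefined;
}

// "Before": plain objects keyed by job id, the pattern the diff replaces.
// Lookups fall through to Object.prototype, so inherited names look registered
// and assigning to "__proto__" changes the object's prototype instead of storing a value.
class RecordRegistry implements JobRegistry {
  private listenersByJobId: Record<string, ListenerFn> = {};
  private retriesByJobId: Record<string, number> = {};
  addListener(jobId: string, fn: ListenerFn): void { this.listenersByJobId[jobId] = fn; }
  hasListener(jobId: string): boolean { return this.listenersByJobId[jobId] !== undefined; }
  bumpRetries(jobId: string): number {
    // For jobId "__proto__" the read yields Object.prototype and the write is ignored.
    this.retriesByJobId[jobId] = (this.retriesByJobId[jobId] || 0) + 1;
    return this.retriesByJobId[jobId];
  }
  retryCount(jobId: string): number | undefined { return this.retriesByJobId[jobId]; }
}

// "After": Map keyed by job id, as the PR does. Keys are plain string values,
// so "__proto__" and "constructor" carry no special meaning.
class MapRegistry implements JobRegistry {
  private listenersByJobId = new Map<string, ListenerFn>();
  private retriesByJobId = new Map<string, number>();
  addListener(jobId: string, fn: ListenerFn): void { this.listenersByJobId.set(jobId, fn); }
  hasListener(jobId: string): boolean { return this.listenersByJobId.has(jobId); }
  bumpRetries(jobId: string): number {
    const n = (this.retriesByJobId.get(jobId) ?? 0) + 1;
    this.retriesByJobId.set(jobId, n);
    return n;
  }
  retryCount(jobId: string): number | undefined { return this.retriesByJobId.get(jobId); }
}

// Regression check of the kind the comment suggests: register and retry a job
// whose id is "__proto__" and confirm it behaves like any other key, while an
// inherited name that was never registered does not look registered.
function prototypeKeyRegression(reg: JobRegistry): boolean {
  reg.addListener("__proto__", () => {});
  reg.bumpRetries("__proto__");
  reg.bumpRetries("__proto__");
  return reg.hasListener("__proto__")
    && !reg.hasListener("constructor")
    && reg.retryCount("__proto__") === 2;
}
```

`prototypeKeyRegression` returns `false` for `RecordRegistry` and `true` for `MapRegistry`, which is the assertion a test for this PR should make.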
