Handle unvalidated dynamic method call security vulnerability

b2f57d0b · Mateusz Tyszczak · Bartek Wrona · e5bd455d · b2f57d0b
Commit b2f57d0b authored 1 week ago by Mateusz Tyszczak Committed by Bartek Wrona 6 days ago
--- a/ts/wasm/__tests__/assets/api-mock.ts
+++ b/ts/wasm/__tests__/assets/api-mock.ts
@@ -50,7 +50,12 @@ export class JsonRpcMock extends AProxyMockResolver {
    // here we assume that the request is valid
    const { method, params } = req.body;

-    const response = this.mockData[method](params);
+    const mockFn = this.mockData[method];
+
+    if (typeof mockFn !== "function")
+      throw new Error(`Method ${method} is not implemented`);
+
+    const response = mockFn(params);

    res.json(response);
  }