From b2f57d0b5efd92716a1b8ad5de29ef9527067593 Mon Sep 17 00:00:00 2001
From: mtyszczak <mateusz.tyszczak@gmail.com>
Date: Wed, 26 Mar 2025 13:15:22 +0100
Subject: [PATCH] Handle unvalidated dynamic method call security vulnerability

---
 ts/wasm/__tests__/assets/api-mock.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ts/wasm/__tests__/assets/api-mock.ts b/ts/wasm/__tests__/assets/api-mock.ts
index c3b6da9b8..f25ad365b 100644
--- a/ts/wasm/__tests__/assets/api-mock.ts
+++ b/ts/wasm/__tests__/assets/api-mock.ts
@@ -50,7 +50,12 @@ export class JsonRpcMock extends AProxyMockResolver {
     // here we assume that the request is valid
     const { method, params } = req.body;
 
-    const response = this.mockData[method](params);
+    const mockFn = this.mockData[method];
+
+    if (typeof mockFn !== "function")
+      throw new Error(`Method ${method} is not implemented`);
+
+    const response = mockFn(params);
 
     res.json(response);
   }
-- 
GitLab