Security: Fix prototype pollution vulnerability (CodeQL #3)

## Description
A prototype pollution vulnerability has been detected in the application where user-controlled input can modify Object.prototype.

## Location
- File: telemetry.js
- Line: 26

## Issue
The application is assigning values to an object using property names that come from user input. If a malicious user provides __proto__ as the property name, they could modify the Object.prototype, leading to prototype pollution. This could allow an attacker to tamper with application logic and potentially escalate to remote code execution or cross-site scripting.

## Recommendation
To fix this issue:
1. Use Map objects instead of regular objects when storing key-value pairs with user-controlled keys
2. Explicitly check and reject dangerous property names like __proto__, constructor, and prototype
3. Use Object.create(null) to create objects without a prototype when appropriate
4. Consider using a library that prevents prototype pollution

## Example Fix
Before:


After:


Alternative fix using Map:


## References
- [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)
- [OWASP: Prototype Pollution](https://owasp.org/www-community/vulnerabilities/Prototype_pollution)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Fix prototype pollution vulnerability (CodeQL #3) #25

Description

Location

Issue

Recommendation

Example Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Fix prototype pollution vulnerability (CodeQL #3) #25

Description

Description

Location

Issue

Recommendation

Example Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions