
I am testing my code on ESLint. It says:

Variable Assigned to Object Injection Sink (security/detect-object-injection).

I'm not using an outer resource to assign it to my variable, though. Is there really a problem in the var a = newArray[c]; line?

    function shuffleTitleImagesArray(originArr) {
        var newArray = originArr.slice(0); // copy of old array
        // forward Fisher-Yates: swap element c with a random element in [0, c]
        for (var c = 0; c < newArray.length; c++) {
            var b = Math.floor(Math.random() * (c + 1));
            var a = newArray[c]; // the line ESLint flags
            newArray[c] = newArray[b];
            newArray[b] = a;
        }
        return newArray;
    }
Anders
Andy
    No problem, your code is fine since `c` is always a number. If `c` were user-provided, it could be changed to something bad like `.constructor` or `.toString` that _could_ cause issues combined with other vulns/reporting – dandavis Oct 04 '17 at 20:11

2 Answers

No, your code is safe. The problem here would be if the user could control what's inside the square brackets (c in this case). An attacker could then provide something unexpected, like the name of a method on the prototype chain. This in turn could trigger all sorts of unpredictable behaviour, potentially with security implications.

But in your case c will always be a number, so you are fine.

Anders

You just need to parse c into an integer:

var a = newArray[parseInt(c, 10)];

There is a chance a hacker may inject a function or prototype chaining, so that's why this security error comes.

viveksharma
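The following is an added example, not code from the question or from either answer. It shows what the first answer describes (a user-controlled key reaching methods on the prototype chain) and why the integer parsing suggested in the second answer needs a bounds check to be a real fix. The object, array and attacker-style keys are constructed for the demonstration; `lookupUnsafe`, `lookupSafe`, `imageAt`, `kindOf` and `runProbes` are names chosen here.

```javascript
// Constructed "data": a plain object keyed by username, and an image list.
const usersByName = { alice: { role: 'user' }, bob: { role: 'admin' } };
const titleImages = ['a.png', 'b.png', 'c.png'];

// VULNERABLE: the key comes straight from the request. Anything on the
// prototype chain (constructor, __proto__, toString, hasOwnProperty, ...)
// resolves too, so the caller gets a function or Object.prototype back
// instead of "not found".
function lookupUnsafe(key) {
  return usersByName[key];
}

// HARDENED (string keys): only accept the object's own properties.
// hasOwnProperty.call ignores the prototype chain (Object.hasOwn is the
// newer spelling); calling it via the prototype also survives an object
// that has a key literally named "hasOwnProperty".
function lookupSafe(key) {
  if (typeof key !== 'string' ||
      !Object.prototype.hasOwnProperty.call(usersByName, key)) {
    return undefined;
  }
  return usersByName[key];
}

// HARDENED (array index): parseInt alone is not enough ("1abc" -> 1,
// "-1" -> -1, "constructor" -> NaN), so require a canonical non-negative
// integer string and then check it is inside the array bounds.
function imageAt(arr, rawIndex) {
  const s = String(rawIndex);
  if (!/^(0|[1-9][0-9]*)$/.test(s)) {
    return undefined;
  }
  const i = Number(s);
  if (i >= arr.length) {
    return undefined;
  }
  return arr[i];
}

// Describe what a lookup returned, so the difference is visible.
function kindOf(value) {
  if (value === undefined) return 'undefined';
  if (typeof value === 'function') return 'function';
  if (value === Object.prototype) return 'Object.prototype';
  return typeof value;
}

// Constructed attacker-supplied keys next to an honest one.
const probes = ['alice', 'constructor', '__proto__', 'toString', 'hasOwnProperty'];

// A Map is used for the results on purpose: results['__proto__'] = ... on a
// plain object would itself be an object injection.
function runProbes() {
  const results = new Map();
  for (const key of probes) {
    results.set(key, {
      unsafe: kindOf(lookupUnsafe(key)),
      safe: kindOf(lookupSafe(key)),
    });
  }
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [key, r] of runProbes()) {
    console.log(key.padEnd(16), 'unsafe:', r.unsafe.padEnd(16), 'safe:', r.safe);
  }
  console.log(imageAt(titleImages, '2'), imageAt(titleImages, 'constructor'),
              imageAt(titleImages, '-1'), imageAt(titleImages, '1abc'));
}
```

Running it shows `lookupUnsafe('constructor')` handing back a function and `lookupUnsafe('__proto__')` handing back `Object.prototype`, while the hardened lookup returns `undefined` for everything except `alice`. Note that `security/detect-object-injection` is a syntactic heuristic: it will still flag the bracket access in the hardened functions, so once the key has been validated the usual practice is to suppress that one line with an `eslint-disable-next-line` comment rather than restructure the code.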