From bc0c5faf539fd5813a0652fc791b81113a1c3dbf Mon Sep 17 00:00:00 2001
From: shrouti1507 <shrouti.gangopadhyay@gmail.com>
Date: Tue, 9 Apr 2024 23:50:13 +0530
Subject: [PATCH] fix: adding check for reserved key words

---
 src/v0/util/index.js      | 23 +++++++++++++++++--
 src/v0/util/index.test.js | 47 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+), 2 deletions(-)

diff --git a/src/v0/util/index.js b/src/v0/util/index.js
index 32872cc5d9..feb8e72130 100644
--- a/src/v0/util/index.js
+++ b/src/v0/util/index.js
@@ -1328,12 +1328,24 @@ const generateExclusionList = (mappingConfig) =>
  */
 function extractCustomFields(message, payload, keys, exclusionFields) {
   const mappingKeys = [];
+  // Define reserved words
+  const reservedWords = ['__proto__', 'constructor', 'prototype'];
+
+  const isReservedWord = (key) => reservedWords.includes(key);
+
   if (Array.isArray(keys)) {
     keys.forEach((key) => {
       const messageContext = get(message, key);
       if (messageContext) {
         Object.keys(messageContext).forEach((k) => {
-          if (!exclusionFields.includes(k)) mappingKeys.push(k);
+          if (isReservedWord(k)) {
+            throw new InstrumentationError(
+              `The property name ${k} is a reserved word. This cannot be used to build a payload`,
+            );
+          }
+          if (!exclusionFields.includes(k)) {
+            mappingKeys.push(k);
+          }
         });
         mappingKeys.forEach((mappingKey) => {
           if (!(typeof messageContext[mappingKey] === 'undefined')) {
@@ -1344,7 +1356,14 @@ function extractCustomFields(message, payload, keys, exclusionFields) {
     });
   } else if (keys === 'root') {
     Object.keys(message).forEach((k) => {
-      if (!exclusionFields.includes(k)) mappingKeys.push(k);
+      if (!exclusionFields.includes(k)) {
+        if (isReservedWord(k)) {
+          throw new InstrumentationError(
+            `The property name ${k} is a reserved word. This cannot be used to build a payload`,
+          );
+        }
+        mappingKeys.push(k);
+      }
     });
     mappingKeys.forEach((mappingKey) => {
       if (!(typeof message[mappingKey] === 'undefined')) {
diff --git a/src/v0/util/index.test.js b/src/v0/util/index.test.js
index 810eb5a9d4..e47e29313d 100644
--- a/src/v0/util/index.test.js
+++ b/src/v0/util/index.test.js
@@ -506,3 +506,50 @@ describe('validateEventAndLowerCaseConversion Tests', () => {
     }).toThrow(InstrumentationError);
   });
 });
+
+describe('extractCustomFields', () => {
+  // Handle reserved words in message keys
+  it('should handle reserved words in message keys when keys are provided', () => {
+    const message = {
+      traits: {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'john.doe@example.com',
+      },
+      context: {
+        traits: {
+          phone: '1234567890',
+          city: 'New York',
+          country: 'USA',
+        },
+      },
+      properties: {
+        title: 'Developer',
+        organization: 'ABC Company',
+        zip: '12345',
+        prototype: 'reserved',
+      },
+    };
+
+    const payload = {};
+
+    const keys = ['properties', 'context.traits', 'traits'];
+
+    const exclusionFields = [
+      'firstName',
+      'lastName',
+      'phone',
+      'title',
+      'organization',
+      'city',
+      'region',
+      'country',
+      'zip',
+      'image',
+      'timezone',
+    ];
+    expect(() => {
+      utilities.extractCustomFields(message, payload, keys, exclusionFields);
+    }).toThrow(InstrumentationError);
+  });
+});