From be55340c06baaf29a63c6a7136c9eb6551f2e61e Mon Sep 17 00:00:00 2001
From: George Raduta
Date: Mon, 26 May 2025 17:25:43 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 169: Prototype-polluting function
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../environment/EnvironmentCache.service.js | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/Control/lib/services/environment/EnvironmentCache.service.js b/Control/lib/services/environment/EnvironmentCache.service.js
index ce1972455..12255be1e 100644
--- a/Control/lib/services/environment/EnvironmentCache.service.js
+++ b/Control/lib/services/environment/EnvironmentCache.service.js
@@ -91,12 +91,21 @@ class EnvironmentCacheService {
 const keys = attributePath.split('.');
 for (let i = 0; i < keys.length - 1; i++) {
 const key = keys[i];
+ if (key === "__proto__" || key === "constructor") {
+ this._logger.warnMessage(`Attempt to modify restricted property '${key}' in environment with id ${id}.`);
+ return null;
+ }
 if (!current[key]) {
 current[key] = {};
- }
- current = current[key];
- }
- current[keys[keys.length - 1]] = value;
+ }
+ current = current[key];
+ }
+ const finalKey = keys[keys.length - 1];
+ if (finalKey === "__proto__" || finalKey === "constructor") {
+ this._logger.warnMessage(`Attempt to modify restricted property '${finalKey}' in environment with id ${id}.`);
+ return null;
+ }
+ current[finalKey] = value;
 this._environments.set(id, cachedEnvironment);
 return cachedEnvironment;
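Review bot: The two-name denylist still lets the walk step into inherited members, because `if (!current[key])` in the loop only catches missing or falsy values, and a segment naming anything inherited from `Object.prototype` is truthy, so `current` becomes a shared built-in object and the final assignment lands on it. An own-property test on each segment closes this for every inherited name rather than the two that are listed. The restricted-final-key rejection also runs after the loop has already created intermediate objects, so a refused path can leave partial writes behind if `cachedEnvironment` is the live cached object (its origin is outside the hunk); validating every segment before the loop avoids that and removes the duplicated check. The function starts and ends outside the hunk, so whether callers handle the new `null` return should be confirmed.

```javascript
const keys = attributePath.split('.');
// Validate the whole path first so a rejected path leaves the cached object untouched.
const restrictedKey = keys.find((key) => key === '__proto__' || key === 'constructor');
if (restrictedKey !== undefined) {
  this._logger.warnMessage(`Attempt to modify restricted property '${restrictedKey}' in environment with id ${id}.`);
  return null;
}
for (let i = 0; i < keys.length - 1; i++) {
  const key = keys[i];
  // Only descend into own properties; an inherited member is shadowed by a fresh object instead.
  if (!Object.prototype.hasOwnProperty.call(current, key) || !current[key]) {
    current[key] = {};
  }
  current = current[key];
}
current[keys[keys.length - 1]] = value;
// … unchanged: this._environments.set(...) and return cachedEnvironment …
```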