From c2c8c29fbbe2bdc247aca705e7708d48f0e9e4bc Mon Sep 17 00:00:00 2001
From: Arjun Shibu
Date: Wed, 6 Jan 2021 21:36:17 +0530
Subject: [PATCH] Security fix for Prototype Polltution
---
 src/index.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/index.ts b/src/index.ts
index 32f6e49..5f258fa 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -74,6 +74,9 @@ function _set(value: any, path: Path, object: any): any { let reference = object; parsedPath.forEach((key, index) => { + if (isPrototypePolluted(key)) + return; + + if (index === parsedPath.length - 1) { reference[key] = value; return;
@@ -89,6 +92,10 @@ function _set(value: any, path: Path, object: any): any {
 return object;
 }
 
+function isPrototypePolluted(key: string) {
+ return ['__proto__', 'constructor', 'prototype'].includes(key);
+}
+
 export const get = curry(_get);
 export const getOr = curry(_getOr);
 export const has = curry(_has);
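Review bot: The guard added at the top of the `parsedPath.forEach` callback only skips the offending segment, because `return` inside the callback ends that one iteration and the loop carries on with the remaining keys. When an earlier segment is refused, the final segment is still assigned through `reference[key] = value`, on whatever object `reference` pointed to before the skip, so the call silently writes to a location the caller never named. Rejecting the whole path before the loop is easier to reason about, e.g. `if (parsedPath.some(isPrototypePolluted)) return object;` (or throwing, if callers can handle it). The body of `_set` starts before this hunk and the descent logic between the two hunks is not visible, so confirm this against the full function. The patch touches only `src/index.ts`, so a regression test asserting that `Object.prototype` is unchanged after such a call would be worth adding.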
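Review bot: `isPrototypePolluted` compares with `Array.prototype.includes`, which uses strict equality, so the check holds only while every path segment really is a string at runtime. The `key: string` annotation is erased at compile time, so if `Path` can carry non-string segments (its definition is outside this hunk), a segment that only becomes one of the three names when coerced would not match, yet property access would coerce it. Normalising first closes that gap: `return ['__proto__', 'constructor', 'prototype'].includes(String(key));`. The name also reads as a statement about state rather than about the key. Something like `isUnsafeKey(key: unknown): boolean` would fit better, with a one-line comment noting that `constructor` and `prototype` are refused as segment names on every object, plain data objects included, to document the trade-off.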