From f08906c93fadfc9dd1b98777a4c9a032763fbf2a Mon Sep 17 00:00:00 2001
From: Abhijeet Prasad
Date: Mon, 28 Oct 2024 17:32:54 -0400
Subject: [PATCH] Fix code scanning alert no. 307: Prototype-polluting assignment
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 packages/aws-serverless/src/sdk.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/packages/aws-serverless/src/sdk.ts b/packages/aws-serverless/src/sdk.ts
index e052782d50eb..37df64d182dd 100644
--- a/packages/aws-serverless/src/sdk.ts
+++ b/packages/aws-serverless/src/sdk.ts
@@ -168,6 +168,12 @@ export function tryPatchHandler(taskRoot: string, handlerPath: string): void {
 return;
 }
+ // Check for prototype pollution
+ if (functionName === '__proto__' || functionName === 'constructor' || functionName === 'prototype') {
+ DEBUG_BUILD && logger.error(`Invalid handler name: ${functionName}`);
+ return;
+ }
+
 // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 (mod as HandlerModule)[functionName!] = wrapHandler(obj);
 }
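Review bot: The new guard before the `(mod as HandlerModule)[functionName!]` assignment is a three-name denylist, which is easy to leave incomplete and does not establish that the name refers to a real export of the module. The handler is presumably already read from `mod` under the same key earlier in tryPatchHandler (that part is outside the hunk), so an own-property test such as `if (!functionName || !Object.prototype.hasOwnProperty.call(mod, functionName)) { ... return; }` would reject inherited keys like `__proto__` and `constructor` without enumerating them, and would make the `functionName!` assertion and its eslint-disable unnecessary. Confirm first that `mod` is always an object at this point and that supported handler modules expose the handler as an own property. The rejection is also logged only under `DEBUG_BUILD`, so in production builds the handler is silently left unwrapped; a comment such as `// Intentionally leave the handler unwrapped when the name is rejected` would record that this is deliberate.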