Fix object injection issue

Signed-off-by: Fabio José <fabiojose@gmail.com>

lib/specs/spec_0_2.js

@@ -2,6 +2,18 @@ var uuid  = require("uuid/v4");
 var empty = require("is-empty");
 var Ajv   = require("ajv");
 
+// Reserved attributes names
+const reserved = {
+  type: "type",
+  specversion: "specversion",
+  source: "source",
+  id: "id",
+  time: "time",
+  schemaurl: "schemaurl",
+  contenttype: "contenttype",
+  data: "data"
+};
+
 const schema = require("../../ext/spec_0_2.json");
 
 // Default options
@@ -93,7 +105,11 @@ Spec02.prototype.getData = function() {
 };
 
 Spec02.prototype.addExtension = function(key, value){
-  this.payload[key] = value;
+  if(!reserved.hasOwnProperty(key)){
+    this.payload[key] = value;
+  } else {
+    throw {message: "Reserved attribute name: '" + key + "'"};
+  }
   return this;
 };
 

test/cloudevent_spec_0_2.js

@@ -9,9 +9,10 @@ const contenttype = "application/json";
 const data = {};
 const extensions = {};
 
-var cloudevent = new Cloudevent(Cloudevent.specs["0.2"])
-                       .type(type)
-                       .source(source);
+var cloudevent = 
+  new Cloudevent(Cloudevent.specs["0.2"])
+        .type(type)
+        .source(source);
 
 describe("CloudEvents Spec 0.2 - JavaScript SDK", () => {
 
@@ -65,6 +66,17 @@ describe("CloudEvents Spec 0.2 - JavaScript SDK", () => {
         cloudevent.addExtension("extension2", "value2");
         expect(cloudevent.format()["extension2"]).to.equal("value2");
       });
+
+      it("should throw an error when employ reserved name as extension", () => {
+        
+        var cevt = 
+          new Cloudevent(Cloudevent.specs["0.2"])
+                .type(type)
+                .source(source);
+        expect(cevt.addExtension.bind(cevt, "id"))
+          .to
+          .throw("Reserved attribute name: 'id'");
+      });
     });
 
     describe("The Constraints check", () => {