add another example of how to fix the prototype pollution issue

2025-12-17 01:03:14 +01:00 · 2023-05-15 17:24:02 +02:00
parent 7a338c408e
commit 2ebce99eae
2 changed files with 22 additions and 0 deletions
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp
@@ -48,6 +48,12 @@
  </p>

  <sample src="examples/PrototypePollutingAssignmentFixed.js"/>
+
+  <p>
+    Another way to fix it is to prevent the <code>__proto__</code> property from being used as a key, as shown below:
+  </p>
+
+  <sample src="examples/PrototypePollutingAssignmentFixed2.js"/>
  
 </example>

--- a/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js
+++ b/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js
@@ -0,0 +1,16 @@
+let express = require('express');
+let app = express()
+
+app.put('/todos/:id', (req, res) => {
+    let id = req.params.id;
+    if (id === '__proto__' || id === 'constructor' || id === 'prototype') {
+        res.end(403);
+        return;
+    }
+    let items = req.session.todos[id];
+    if (!items) {
+        items = req.session.todos[id] = {};
+    }
+    items[req.query.name] = req.query.text;
+    res.end(200);
+});