Merge pull request #1318 from asger-semmle/prototype-pollution-query2

Move prototype pollution query into suite
2026-05-05 05:35:13 +02:00 · 2019-05-21 12:23:41 +02:00
parent 29ae7b5c3c ba69e19e95
commit 3af3c5413b
6 changed files with 96 additions and 2 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-400/PrototypePollution.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-400/PrototypePollution.ql
@@ -1,20 +0,0 @@
-/**
- * @name Prototype Pollution
- * @description Recursively merging a user-controlled object into another object
- *              can allow an attacker to modify the built-in Object prototype. 
- * @kind path-problem
- * @problem.severity warning
- * @precision high
- * @id js/prototype-pollution
- * @tags security
- *       external/cwe/cwe-250
- *       external/cwe/cwe-400
- */
-
-import javascript
-import semmle.javascript.security.dataflow.PrototypePollution::PrototypePollution
-import DataFlow::PathGraph
-
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Prototype pollution caused by merging a user-controlled value from $@.", source, "here"
--- a/javascript/ql/test/query-tests/Security/CWE-400/PrototypePollution.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-400/PrototypePollution.qlref
@@ -0,0 +1 @@
+Security/CWE-400/PrototypePollution.ql