Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules
@@ -1654,6 +1654,33 @@ nodes
|
||||
| normalizedPaths.js:346:19:346:22 | path |
|
||||
| normalizedPaths.js:346:19:346:22 | path |
|
||||
| normalizedPaths.js:346:19:346:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path |
|
||||
| normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| other-fs-libraries.js:9:7:9:48 | path |
|
||||
| other-fs-libraries.js:9:7:9:48 | path |
|
||||
| other-fs-libraries.js:9:7:9:48 | path |
|
||||
@@ -4787,6 +4814,37 @@ edges
|
||||
| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
|
||||
| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
|
||||
| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath |
|
||||
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
|
||||
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
|
||||
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
|
||||
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
|
||||
@@ -6005,6 +6063,8 @@ edges
|
||||
| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on $@. | normalizedPaths.js:303:13:303:26 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
|
||||
| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
|
||||
| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
|
||||
| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
|
||||
|
||||
@@ -347,4 +347,27 @@ app.get('/yet-another-prefix', (req, res) => {
|
||||
return;
|
||||
}
|
||||
fs.readFileSync(path); // OK
|
||||
});
|
||||
|
||||
var rootPath = process.cwd();
|
||||
app.get('/yet-another-prefix2', (req, res) => {
|
||||
let path = req.query.path;
|
||||
|
||||
fs.readFileSync(path); // NOT OK
|
||||
|
||||
var requestPath = pathModule.join(rootPath, path);
|
||||
|
||||
var targetPath;
|
||||
if (!allowPath(requestPath, rootPath)) {
|
||||
targetPath = rootPath;
|
||||
fs.readFileSync(requestPath); // NOT OK
|
||||
} else {
|
||||
targetPath = requestPath;
|
||||
fs.readFileSync(requestPath); // OK
|
||||
}
|
||||
fs.readFileSync(targetPath); // OK
|
||||
|
||||
function allowPath(requestPath, rootPath) {
|
||||
return requestPath.indexOf(rootPath) === 0;
|
||||
}
|
||||
});
|
||||
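Review bot: `allowPath` near the end of the hunk guards with `requestPath.indexOf(rootPath) === 0`, which is a plain string-prefix test, so any sibling directory whose name merely starts with `rootPath` also satisfies it; the `// OK` on the `fs.readFileSync(requestPath)` call in the else branch therefore records what the query accepts as a sanitizer, not that the check itself is safe. Because this is a test fixture, a one-line comment making that explicit would help a later reader, e.g. `// prefix test is the guard shape the query recognizes; a robust check also requires a path separator right after rootPath`. The `pathModule.join(rootPath, path)` call is presumably what resolves `..` segments before the guard runs, which is why only the normalized value is treated as checkable; the hunk does not show how `pathModule` or `fs` are imported. The `app.get('/yet-another-prefix2', ...)` callback containing all of this is complete within the hunk, so the note applies to that block only.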
@@ -1,4 +1,85 @@
|
||||
nodes
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] |
|
||||
| PrototypePollutionUtility/tests.js:3:25:3:27 | dst |
|
||||
| PrototypePollutionUtility/tests.js:3:25:3:27 | dst |
|
||||
| PrototypePollutionUtility/tests.js:3:30:3:32 | src |
|
||||
@@ -1173,6 +1254,94 @@ nodes
|
||||
| examples/PrototypePollutionUtility_fixed.js:7:28:7:30 | key |
|
||||
| examples/PrototypePollutionUtility_fixed.js:7:28:7:30 | key |
|
||||
edges
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key | PrototypePollutionUtility/path-assignment.js:15:20:15:22 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:8:13:8:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target | PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:27 | target | PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] | PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] | PrototypePollutionUtility/path-assignment.js:13:13:13:32 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key | PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:13:29:13:31 | key | PrototypePollutionUtility/path-assignment.js:13:22:13:32 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:25:42:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key | PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:41:13:41:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:18:42:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | PrototypePollutionUtility/path-assignment.js:42:9:42:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target | PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:37 | target | PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] | PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] | PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] | PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] | PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} | PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:32:42:48 | target[key] \|\| {} | PrototypePollutionUtility/path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key | PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:42:39:42:41 | key | PrototypePollutionUtility/path-assignment.js:42:32:42:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] | PrototypePollutionUtility/path-assignment.js:44:12:44:18 | keys[i] |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:25:59:27 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key | PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:58:13:58:25 | key |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:18:59:23 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | PrototypePollutionUtility/path-assignment.js:59:9:59:48 | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target | PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:37 | target | PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] | PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] | PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] | PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] | PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} | PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:32:59:48 | target[key] \|\| {} | PrototypePollutionUtility/path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key | PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:59:39:59:41 | key | PrototypePollutionUtility/path-assignment.js:59:32:59:42 | target[key] |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] | PrototypePollutionUtility/path-assignment.js:61:12:61:18 | keys[i] |
|
||||
| PrototypePollutionUtility/tests.js:3:25:3:27 | dst | PrototypePollutionUtility/tests.js:6:28:6:30 | dst |
|
||||
| PrototypePollutionUtility/tests.js:3:25:3:27 | dst | PrototypePollutionUtility/tests.js:6:28:6:30 | dst |
|
||||
| PrototypePollutionUtility/tests.js:3:25:3:27 | dst | PrototypePollutionUtility/tests.js:8:13:8:15 | dst |
|
||||
@@ -2669,6 +2838,9 @@ edges
|
||||
| examples/PrototypePollutionUtility_fixed.js:7:28:7:30 | key | examples/PrototypePollutionUtility_fixed.js:7:24:7:31 | src[key] |
|
||||
| examples/PrototypePollutionUtility_fixed.js:7:28:7:30 | key | examples/PrototypePollutionUtility_fixed.js:7:24:7:31 | src[key] |
|
||||
#select
|
||||
| PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target | PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target | The property chain $@ is recursively assigned to $@ without guarding against prototype pollution. | PrototypePollutionUtility/path-assignment.js:8:19:8:25 | keys[i] | here | PrototypePollutionUtility/path-assignment.js:15:13:15:18 | target | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target | PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target | The property chain $@ is recursively assigned to $@ without guarding against prototype pollution. | PrototypePollutionUtility/path-assignment.js:41:19:41:25 | keys[i] | here | PrototypePollutionUtility/path-assignment.js:44:5:44:10 | target | target |
|
||||
| PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target | PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target | The property chain $@ is recursively assigned to $@ without guarding against prototype pollution. | PrototypePollutionUtility/path-assignment.js:58:19:58:25 | keys[i] | here | PrototypePollutionUtility/path-assignment.js:61:5:61:10 | target | target |
|
||||
| PrototypePollutionUtility/tests.js:8:13:8:15 | dst | PrototypePollutionUtility/tests.js:4:14:4:16 | key | PrototypePollutionUtility/tests.js:8:13:8:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:4:21:4:23 | src | src | PrototypePollutionUtility/tests.js:8:13:8:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:18:13:18:15 | dst | PrototypePollutionUtility/tests.js:14:30:14:32 | key | PrototypePollutionUtility/tests.js:18:13:18:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:14:17:14:19 | src | src | PrototypePollutionUtility/tests.js:18:13:18:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:36:9:36:11 | dst | PrototypePollutionUtility/tests.js:25:18:25:20 | key | PrototypePollutionUtility/tests.js:36:9:36:11 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:25:25:25:30 | source | source | PrototypePollutionUtility/tests.js:36:9:36:11 | dst | dst |
|
||||
@@ -2677,7 +2849,7 @@ edges
|
||||
| PrototypePollutionUtility/tests.js:109:13:109:15 | dst | PrototypePollutionUtility/tests.js:102:14:102:16 | key | PrototypePollutionUtility/tests.js:109:13:109:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:102:21:102:23 | src | src | PrototypePollutionUtility/tests.js:109:13:109:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:154:13:154:15 | dst | PrototypePollutionUtility/tests.js:150:14:150:16 | key | PrototypePollutionUtility/tests.js:154:13:154:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:150:21:150:23 | src | src | PrototypePollutionUtility/tests.js:154:13:154:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:196:13:196:15 | dst | PrototypePollutionUtility/tests.js:192:19:192:25 | keys[i] | PrototypePollutionUtility/tests.js:196:13:196:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:190:28:190:30 | src | src | PrototypePollutionUtility/tests.js:196:13:196:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | PrototypePollutionUtility/tests.js:238:14:238:16 | key | PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:238:21:238:24 | data | data | PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | this object |
|
||||
| PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | PrototypePollutionUtility/tests.js:238:14:238:16 | key | PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:238:21:238:24 | data | data | PrototypePollutionUtility/tests.js:233:5:233:13 | map[key1] | here |
|
||||
| PrototypePollutionUtility/tests.js:270:13:270:15 | dst | PrototypePollutionUtility/tests.js:265:19:265:26 | entry[0] | PrototypePollutionUtility/tests.js:270:13:270:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:264:20:264:22 | src | src | PrototypePollutionUtility/tests.js:270:13:270:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:280:13:280:15 | dst | PrototypePollutionUtility/tests.js:276:34:276:36 | key | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:276:21:276:23 | src | src | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | dst |
|
||||
| PrototypePollutionUtility/tests.js:308:17:308:19 | dst | PrototypePollutionUtility/tests.js:302:14:302:16 | key | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:302:21:302:23 | src | src | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | dst |
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
function isSafe(key) {
|
||||
return key !== "__proto__" && key !== "constructor" && key !== "prototype";
|
||||
}
|
||||
|
||||
function assignToPath(target, path, value) {
|
||||
let keys = path.split('.');
|
||||
for (let i = 0; i < keys.length; ++i) {
|
||||
let key = keys[i];
|
||||
if (i < keys.length - 1) {
|
||||
if (!target[key]) {
|
||||
target[key] = {};
|
||||
}
|
||||
target = target[key];
|
||||
} else {
|
||||
target[key] = value; // NOT OK
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function assignToPathSafe(target, path, value) {
|
||||
let keys = path.split('.');
|
||||
for (let i = 0; i < keys.length; ++i) {
|
||||
let key = keys[i];
|
||||
if (!isSafe(key)) return;
|
||||
if (i < keys.length - 1) {
|
||||
if (!target[key]) {
|
||||
target[key] = {};
|
||||
}
|
||||
target = target[key];
|
||||
} else {
|
||||
target[key] = value; // OK
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function assignToPathAfterLoop(target, path, value) {
|
||||
let keys = path.split('.');
|
||||
let i;
|
||||
for (i = 0; i < keys.length - 1; ++i) {
|
||||
let key = keys[i];
|
||||
target = target[key] = target[key] || {};
|
||||
}
|
||||
target[keys[i]] = value; // NOT OK
|
||||
}
|
||||
|
||||
function splitHelper(path, sep) {
|
||||
let parts = typeof path === 'string' ? path.split(sep || '.') : path;
|
||||
let result = [];
|
||||
result.push(...parts);
|
||||
return result;
|
||||
}
|
||||
|
||||
function assignToPathWithHelper(target, path, value, sep) {
|
||||
let keys = splitHelper(path, sep)
|
||||
let i;
|
||||
for (i = 0; i < keys.length - 1; ++i) {
|
||||
let key = keys[i];
|
||||
target = target[key] = target[key] || {};
|
||||
}
|
||||
target[keys[i]] = value; // NOT OK
|
||||
}
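Review bot: `let keys = splitHelper(path, sep)` in assignToPathWithHelper is missing its terminating semicolon, unlike the parallel `let keys = path.split('.');` lines in the other functions; the line should read `let keys = splitHelper(path, sep);`. A short header comment saying that this file is a fixture for PrototypePollutionUtility, with `// NOT OK` marking the sinks the query is expected to report and `// OK` the guarded one, would help whoever maintains the expected output, since assignToPathSafe relies on the reader knowing that the early `return` on `!isSafe(key)` is the sanitizer the query recognizes. splitHelper passes a non-string `path` straight through to `result.push(...parts)`, which throws when `parts` is undefined; that is harmless in a fixture, but if the non-string branch is meant to exercise array-valued paths a comment such as `// non-string paths are assumed to be arrays of keys` would make the intent explicit.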
|
||||