hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Block prototype pollution flow into this

Browse Source
This commit is contained in:
Asger Feldthaus
2021-11-03 13:33:50 +01:00
parent 08bc80ffdb
commit 712614a03c
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
View File

@@ -33,6 +33,8 @@ class Configuration extends TaintTracking::Configuration {
// Concatenating with a string will in practice prevent the string `__proto__` from arising.
node instanceof StringOps::ConcatenationRoot
or
node instanceof DataFlow::ThisNode
or
// Stop at .replace() calls that likely prevent __proto__ from arising
exists(StringReplaceCall replace |
node = replace and