hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port PrototypePollutingFunction

Browse Source
This commit is contained in:
Asger F
2023-10-04 21:37:13 +02:00
parent f1f45927b1
commit adf7d5409d
3 changed files with 874 additions and 3019 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3690
javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected
View File

File diff suppressed because it is too large Load Diff

21
javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js
View File

@@ -513,7 +513,7 @@ function usingDefineProperty(dst, src) {
usingDefineProperty(dst[key], src[key]);
} else {
var descriptor = {};
descriptor.value = src[key];
descriptor.value = src[key];
Object.defineProperty(dst, key, descriptor); // NOT OK
}
}
@@ -587,3 +587,22 @@ function indirectHasOwn(dst, src) {
function hasOwn(obj, key) {
return obj.hasOwnProperty(key)
}
function captureBarrier(obj) {
if (!obj || typeof obj !== 'object') {
return obj; // 'obj' is captured but should not propagate through here
}
const fn = () => obj;
fn();
return "safe";
}
function merge_captureBarrier(dest, source) {
for (const key of Object.keys(source)) {
if (dest[key]) {
merge_captureBarrier(dest[key], source[key]);
} else {
dest[key] = captureBarrier(source[key]); // OK - but currently flagged anyway
}
}
}