hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql

Browse Source 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
This commit is contained in:
Asger F
2020-02-05 09:48:16 +00:00
committed by GitHub
parent fd9975db85
commit cf18bd7bb8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
View File

@@ -173,7 +173,7 @@ predicate dynamicPropReadStep(Node base, Node key, SourceNode output) {
output = read output = read
) )
or or
// Summarize functions returning a dynamic property read of two parameters. // Summarize functions returning a dynamic property read of two parameters, such as `function getProp(obj, prop) { return obj[prop]; }`.
exists(CallNode call, Function callee, ParameterNode baseParam, ParameterNode keyParam, Node innerBase, Node innerKey, SourceNode innerOutput | exists(CallNode call, Function callee, ParameterNode baseParam, ParameterNode keyParam, Node innerBase, Node innerKey, SourceNode innerOutput |
dynamicPropReadStep(innerBase, innerKey, innerOutput) and dynamicPropReadStep(innerBase, innerKey, innerOutput) and
baseParam.flowsTo(innerBase) and baseParam.flowsTo(innerBase) and