hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

update alert message to distinguish between library input and remote flow

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-05-17 12:17:48 +02:00
parent 6e183af383
commit d1238dfd8b
4 changed files with 26 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
View File

@@ -24,4 +24,4 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink, source, sink,
"This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.",
source.getNode(), "here"
source.getNode(), source.getNode().(Source).describe()