JS: Address doc review

Asger Feldthaus
2020-12-09 09:58:52 +00:00
parent 04f51bef5e
commit fd293d07d7
4 changed files with 5 additions and 2 deletions

@@ -6,6 +6,6 @@ lgtm,codescanning
This highlights indirect modification of `Object.prototype` via an unsafe `merge` call taking a user-controlled object as argument.
* The query previously named "Prototype pollution in utility function" (`js/prototype-pollution-utility`) has been renamed to "Prototype-polluting function".
This query highlights the implementation of an unsafe `merge` function, to ensure a robust API is exposed downstream.
* The above queries have been moved to the Security/CWE-915 folder, and tagged with CWE-079, CWE-094, CWE-400, and CWE-915.
* The above queries have been moved to the Security/CWE-915 folder, and assigned the following tags: CWE-078, CWE-079, CWE-094, CWE-400, and CWE-915.
* The query "Type confusion through parameter tampering" (`js/type-confusion-through-parameter-tampering`) now highlights
ineffective prototype pollution checks that can be bypassed by type confusion.
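Review bot: The reworded bullet about the move to the Security/CWE-915 folder now lists CWE-078 in addition to CWE-079, CWE-094, CWE-400, and CWE-915, so the tag metadata of both queries it refers to should carry the same five CWE tags; otherwise the change note and the queries disagree. Consider also replacing "The above queries" with the query ids already used in this note (for example `js/prototype-pollution-utility`), so the bullet still makes sense when read on its own.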