JS: Address doc review

2026-01-05 10:40:21 +01:00 · 2020-12-09 09:58:52 +00:00
parent 04f51bef5e
commit fd293d07d7
4 changed files with 5 additions and 2 deletions
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
@@ -1,7 +1,7 @@
 /**
 * @name Prototype-polluting assignment
 * @description Modifying an object obtained via a user-controlled property name may
- *              lead to accidental modification of the built-in Object.prototype,
+ *              lead to accidental mutation of the built-in Object prototype,
 *              and possibly escalate to remote code execution or cross-site scripting.
 * @kind path-problem
 * @problem.severity warning
@@ -9,6 +9,7 @@
 * @id js/prototype-polluting-assignment
 * @tags security
 *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
 *       external/cwe/cwe-094
 *       external/cwe/cwe-400
 *       external/cwe/cwe-915
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
@@ -8,6 +8,7 @@
 * @id js/prototype-pollution-utility
 * @tags security
 *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
 *       external/cwe/cwe-094
 *       external/cwe/cwe-400
 *       external/cwe/cwe-915
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
@@ -9,6 +9,7 @@
 * @id js/prototype-pollution
 * @tags security
 *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
 *       external/cwe/cwe-094
 *       external/cwe/cwe-400
 *       external/cwe/cwe-915