CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.5.1-dev (changelog, source)
Index
Search

Module PrototypePollutingAssignment

Provides sources, sinks, and sanitizers for reasoning about assignments that my cause prototype pollution.

Import path

import semmle.javascript.security.dataflow.PrototypePollutingAssignmentCustomizations

Classes

BarrierGuard

A barrier guard for prototype-polluting assignments.

ExternalInputSource

A parameter of an exported function, seen as a source prototype-polluting assignment.

FlowState

A flow state to associate with a tracked value.

ObjectPrototype

A flow label representing the Object.prototype value.

Sanitizer

A sanitizer for untrusted property names.

Sink

A data flow sink for prototype-polluting assignments or untrusted property names.

Source

A data flow source for untrusted data from which the special __proto__ property name may be arise.

Modules

FlowState

Predicates for working with flow states.

Aliases

Exports

EXPERIMENTAL. This API may change in the future.