Module PrototypePollutingAssignmentQuery

Provides a taint tracking configuration for reasoning about prototype-polluting assignments.

Note, for performance reasons: only import this file if PrototypePollutingAssignment::Configuration is needed, otherwise PrototypePollutingAssignmentCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery

Imports

PrototypePollutingAssignment

Provides sources, sinks, and sanitizers for reasoning about assignments that my cause prototype pollution.

Predicates

isIgnoredLibraryFlow	Holds if the given `source, sink` pair should not be reported, as we don’t have enough confidence in the alert given that source is a library input.
prototypeLessObject	Gets a data flow node referring to an object created with `Object.create`.

Classes

Configuration	DEPRECATED. Use the `PrototypePollutingAssignmentFlow` module instead.
NumberGuard	A guard that checks whether `x` is a number.

Modules

PrototypePollutingAssignmentConfig

A taint-tracking configuration for reasoning about prototype-polluting assignments.

Aliases

PrototypePollutingAssignmentFlow

Taint-tracking for reasoning about prototype-polluting assignments.