CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)
Search

Module PrototypePollution

Import path

import semmle.javascript.security.dataflow.PrototypePollutionCustomizations

Predicates

isVulnerableDeepExtendCallAllVersions

Holds if call comes from a package named id and is vulnerable to prototype pollution in every version of that package.

isVulnerableVersionOfDeepExtendCall

Holds if call is vulnerable to prototype pollution because the callee is defined by dep.

Classes

DeepExtendSink
Sink

A data flow sink for prototype pollution.

Source

A data flow source for prototype pollution.

TaintedObjectWrapper

A label for wrappers around tainted objects, that is, objects that are not completely user-controlled, but contain a user-controlled object.

Modules

TaintedObjectWrapper

Companion module to the TaintedObjectWrapper class.