Provides default sources, sinks and sanitizers for reasoning about
user-controlled objects flowing into a vulnerable extends
call,
as well as extension points for adding your own.
Import path
import semmle.javascript.security.dataflow.PrototypePollutionCustomizations
Imports
SemVer | Provides classes for working SemVer (Semantic Versioning). |
TaintedObject | Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data. |
javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |