CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.1-dev (changelog, source)
Search

Predicate PrototypePollution::isVulnerableVersionOfDeepExtendCall

Holds if call is vulnerable to prototype pollution because the callee is defined by dep.

Import path

import semmle.javascript.security.dataflow.PrototypePollutionCustomizations
predicate isVulnerableVersionOfDeepExtendCall(ExtendCall call, Dependency dep)