Module PrototypePollutionQuery
Provides a taint-tracking configuration for tracking
user-controlled objects flowing into a vulnerable extends call.
Note, for performance reasons: only import this file if
PrototypePollution::Configuration is needed, otherwise
PrototypePollutionCustomizations should be imported instead.
Import path
import semmle.javascript.security.dataflow.PrototypePollutionQueryImports
| PrototypePollution | |
| SemVer | Provides classes for working SemVer (Semantic Versioning). |
| TaintedObject | Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data. |
| javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Classes
| Configuration | A taint tracking configuration for user-controlled objects flowing into deep |