javascript.lang.security.audit.prototype-pollution.prototype-pollution-function.prototype-pollution-function


This rule is deprecated.


Definition

# Semgrep rule definition. The rule is marked deprecated both in its message
# and in metadata.deprecated, and as written below it reports nothing.
rules:
  - id: prototype-pollution-function
    message: This rule is deprecated.
    metadata:
      # Weakness class the rule was filed under.
      cwe:
        - "CWE-915: Improperly Controlled Modification of Dynamically-Determined
          Object Attributes"
      category: security
      references:
        - https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
      technology:
        - javascript
      owasp:
        - A08:2021 - Software and Data Integrity Failures
      deprecated: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - javascript
      - typescript
    severity: WARNING
    # `patterns` requires every child pattern to match the same code. One
    # expression cannot be both a zero-argument call to `a` and one to `b`,
    # so this rule yields no findings. Presumably a stub kept so the rule id
    # still resolves; do not rely on it to detect unsafe recursive merges.
    patterns:
      - pattern: a()
      - pattern: b()

Examples

prototype-pollution-function.js

/**
 * Recursively copies the own enumerable properties of `src` into `dst`,
 * mutating `dst` in place. Returns nothing.
 *
 * Example of the unguarded recursive merge that CWE-915 describes: keys are
 * not filtered and `dst[key]` is not checked to be an own property before
 * the function recurses into it. Presumably one of the cases the rule was
 * meant to report (the guarded variants on this page are named okMerge*).
 *
 * Mitigations: skip "__proto__" / "constructor" keys, require the key to be
 * an own property of `dst` before recursing, or merge into null-prototype
 * objects or a Map.
 *
 * @param {object} dst - Object that receives the properties (mutated).
 * @param {object} src - Object whose properties are copied; treat as
 *   untrusted when it comes from parsed input.
 */
const merge1 = (dst, src) => {
    // for...in also visits inherited enumerable keys; the next line keeps
    // only keys that are own properties of src.
    for (let key in src) {
        if (!src.hasOwnProperty(key)) continue;
        // dst[key] is resolved through the prototype chain, so the value
        // tested here may be an inherited, shared object rather than data
        // stored on dst. Recursing into it writes src's values onto that
        // shared object. isObject is defined elsewhere; presumably it
        // returns true for non-null objects (confirm).
        if (isObject(dst[key])) {
            merge1(dst[key], src[key]);
        } else {
            dst[key] = src[key];
        }
    }
}

/**
 * Recursively copies the own enumerable properties of `src` into `dst`,
 * mutating `dst` in place. Returns nothing.
 *
 * Same unguarded merge as the arrow-function example on this page, written
 * as a function declaration: no key filtering and no own-property check on
 * `dst` before recursing (the CWE-915 shape). Presumably a case the rule was
 * meant to report.
 *
 * @param {object} dst - Object that receives the properties (mutated).
 * @param {object} src - Object whose properties are copied; treat as
 *   untrusted when it comes from parsed input.
 */
function merge2(dst, src) {
    for (let key in src) {
        // Keep only keys that src owns; inherited enumerable keys are skipped.
        if (!src.hasOwnProperty(key)) continue;
        // The lookup dst[key] follows the prototype chain, so an inherited
        // object passes this test and is then modified by the recursive
        // call. A safe merge checks ownership on dst or rejects
        // prototype-related keys before this point.
        if (isObject(dst[key])) {
            merge2(dst[key], src[key]);
        } else {
            dst[key] = src[key];
        }
    }
}

/**
 * Recursive merge of `src` into `dst` (in place) that only descends into
 * objects which are own properties of `dst`. Returns nothing.
 *
 * Because inherited objects are never recursed into, values from `src`
 * cannot be written onto an object that `dst` merely inherits.
 *
 * @param {object} dst - Object that receives the properties (mutated).
 * @param {object} src - Object whose properties are copied.
 */
function okMerge1(dst, src) {
    for (let key in src) {
        // NOTE(review): hasOwnProperty is looked up on src itself; if src
        // has its own non-function "hasOwnProperty" entry this call throws.
        // Object.prototype.hasOwnProperty.call(src, key) avoids that.
        if (!src.hasOwnProperty(key)) continue;
        // Ownership guard: recurse only when dst itself holds an object
        // under this key.
        if (dst.hasOwnProperty(key) && isObject(dst[key])) {
            okMerge1(dst[key], src[key]);
        } else {
            // NOTE(review): keys are not filtered here. On an ordinary
            // object, assigning the "__proto__" key goes through the
            // inherited accessor and replaces dst's own prototype when the
            // value is an object or null. The shared Object.prototype is
            // not modified, but callers that need dst's prototype left
            // intact should also skip that key.
            dst[key] = src[key];
        }
    }
}

/**
 * Recursive merge of `src` into `dst` (in place) that skips the keys
 * "__proto__" and "constructor". Returns nothing.
 *
 * The key check runs in every recursive call, so those two keys are never
 * read from or written to `dst` at any depth.
 *
 * @param {object} dst - Object that receives the properties (mutated).
 * @param {object} src - Object whose properties are copied.
 */
function okMerge2(dst, src) {
    for (let key in src) {
        // NOTE(review): hasOwnProperty is looked up on src itself; if src
        // has its own non-function "hasOwnProperty" entry this call throws.
        // Object.prototype.hasOwnProperty.call(src, key) avoids that.
        if (!src.hasOwnProperty(key)) continue;
        // Denylist of the keys that lead from an ordinary object to its
        // prototype; they are dropped instead of merged.
        if (key === "__proto__" || key === "constructor") continue;
        // dst[key] may still resolve to another inherited value; the
        // denylist above is what keeps the prototype objects out of reach.
        if (isObject(dst[key])) {
            okMerge2(dst[key], src[key]);
        } else {
            dst[key] = src[key];
        }
    }
}