Skip to content

JS: Add change note for prototype pollution #1386

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
semmle-qlci merged 3 commits into from
May 31, 2019
Merged

JS: Add change note for prototype pollution #1386

semmle-qlci merged 3 commits into from
May 31, 2019

Conversation

@asger-semmle
Copy link
Contributor

@asger-semmle asger-semmle commented May 31, 2019

No description provided.

@asger-semmle asger-semmle added this to the 1.21.0 milestone May 31, 2019
xiemaisi
xiemaisi previously approved these changes May 31, 2019
View reviewed changes
xiemaisi
xiemaisi reviewed May 31, 2019
View reviewed changes
change-notes/1.21/analysis-javascript.md Outdated
| **Query** | **Tags** | **Purpose** |
|-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. |
| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. The results are shown on LGTM by default. |
Copy link

@xiemaisi xiemaisi May 31, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we're fiddling with this, could you also add the query id after the query name?

@semmle-qlci semmle-qlci merged commit c0440cf into github:master May 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@xiemaisi xiemaisi xiemaisi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

1.21.0

Development

Successfully merging this pull request may close these issues.

3 participants

@asger-semmle @xiemaisi @semmle-qlci