From 5170fa2ded2acfff9fc822c00348f5b66534957b Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 31 May 2019 10:58:56 +0100 Subject: [PATCH 1/3] JS: Add change note for prototype pollution --- change-notes/1.21/analysis-javascript.md | 1 + 1 file changed, 1 insertion(+) diff --git a/change-notes/1.21/analysis-javascript.md b/change-notes/1.21/analysis-javascript.md index 3555fdc0d3b6..587e71185cbc 100644 --- a/change-notes/1.21/analysis-javascript.md +++ b/change-notes/1.21/analysis-javascript.md @@ -27,6 +27,7 @@ | **Query** | **Tags** | **Purpose** | |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. | ## Changes to existing queries From ffb3265b268cfd3fecf2492f23e79f05bcb965c5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 31 May 2019 11:35:35 +0100 Subject: [PATCH 2/3] JS: Mention results are shown on LGTM --- change-notes/1.21/analysis-javascript.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/change-notes/1.21/analysis-javascript.md b/change-notes/1.21/analysis-javascript.md index 587e71185cbc..284f2b087c7a 100644 --- a/change-notes/1.21/analysis-javascript.md +++ b/change-notes/1.21/analysis-javascript.md 
@@ -27,7 +27,7 @@ | **Query** | **Tags** | **Purpose** | |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. | +| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. The results are shown on LGTM by default. | ## Changes to existing queries From a4a9e951d5964ce4b159ce421df0e683d826d6da Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 31 May 2019 11:44:06 +0100 Subject: [PATCH 3/3] JS: Add query ID to change note --- change-notes/1.21/analysis-javascript.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/change-notes/1.21/analysis-javascript.md b/change-notes/1.21/analysis-javascript.md index 284f2b087c7a..d2faa5bd44a8 100644 --- a/change-notes/1.21/analysis-javascript.md +++ b/change-notes/1.21/analysis-javascript.md 
@@ -27,7 +27,7 @@ | **Query** | **Tags** | **Purpose** | |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Prototype pollution | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. The results are shown on LGTM by default. | +| Prototype pollution (`js/prototype-pollution`) | security, external/cwe-250, external/cwe-400 | Highlights code that allows an attacker to modify a built-in prototype object through an unsanitized recursive merge function. The results are shown on LGTM by default. | ## Changes to existing queries
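Review bot: In the row added by PATCH 1/3, the tags `external/cwe-250` and `external/cwe-400` should be checked against the query's own metadata. CWE-250 is "Execution with Unnecessary Privileges" and CWE-400 is "Uncontrolled Resource Consumption", and neither names the modification of a built-in prototype object that the Purpose column describes. If the query file carries exactly these tags, keep them so the change note mirrors it. Otherwise correct the tags in both places.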
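Review bot: In PATCH 2/3, the Purpose cell being extended still reads "through an unsanitized recursive merge function", which attaches "unsanitized" to the function rather than to the data it merges. Since this patch rewrites the line anyway, consider wording such as "through a recursive merge function that does not sanitize the property names it copies", followed by the new sentence "The results are shown on LGTM by default."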
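Review bot: PATCH 3/3 is the third consecutive rewrite of the same table row in `change-notes/1.21/analysis-javascript.md`, so the series would read better squashed into one commit that adds the final row with the query ID and the LGTM sentence. Please also confirm that `js/prototype-pollution` in the first column matches the ID declared in the query file, since readers use the change note to look the query up by that ID.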