Skip to content

Commit cf18bd7

Browse files
asgerfesbena
andauthored
Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
1 parent fd9975d commit cf18bd7

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,7 @@ predicate dynamicPropReadStep(Node base, Node key, SourceNode output) {
173173
output = read
174174
)
175175
or
176-
// Summarize functions returning a dynamic property read of two parameters.
176+
// Summarize functions returning a dynamic property read of two parameters, such as `function getProp(obj, prop) { return obj[prop]; }`.
177177
exists(CallNode call, Function callee, ParameterNode baseParam, ParameterNode keyParam, Node innerBase, Node innerKey, SourceNode innerOutput |
178178
dynamicPropReadStep(innerBase, innerKey, innerOutput) and
179179
baseParam.flowsTo(innerBase) and

0 commit comments

Comments
 (0)