@nodesecure/js-x-ray
JavaScript AST XRay analysis
// Import Internal Dependencies
import { getMemberExpressionIdentifier } from "../estree/index.js";
import { SourceFile } from "../SourceFile.js";
import { generateWarning } from "../warnings.js";
/**
 * Probe predicate: decide whether an AST node refers to `__proto__`.
 *
 * Two node shapes match:
 *  - a `Literal` whose value is exactly the string "__proto__";
 *  - a `MemberExpression` whose last identifier, as yielded by
 *    getMemberExpressionIdentifier, is "__proto__".
 *
 * The literal match ignores context: any "__proto__" string is reported,
 * including defensive code that compares a key against it in order to
 * reject it. Treat a literal hit as a lead to triage, not as a confirmed
 * pollution sink.
 *
 * NOTE(review): which computed or dynamic member accesses are resolved
 * depends on getMemberExpressionIdentifier, which is not visible here.
 *
 * @param {object} node - ESTree node being visited.
 * @returns {[boolean, string?]} `[true, "literal"]` for a literal match,
 *   `[true, "<dotted.path>"]` for a member-expression match, `[false]` otherwise.
 */
function validateNode(node) {
  switch (node.type) {
    case "Literal": {
      if (node.value === "__proto__") {
        return [true, "literal"];
      }
      break;
    }
    case "MemberExpression": {
      const segments = Array.from(getMemberExpressionIdentifier(node));
      const lastSegment = segments[segments.length - 1];
      if (lastSegment === "__proto__") {
        // The full dotted path is handed to main() as the warning value.
        return [true, segments.join(".")];
      }
      break;
    }
    default:
      break;
  }

  return [false];
}
/**
 * Probe handler: record a "prototype-pollution" warning for a node that
 * validateNode() matched.
 *
 * @param {object} node - The matched ESTree node; `node.loc` (or null when
 *   absent) becomes the warning location.
 * @param {object} options
 * @param {object} options.sourceFile - Receives the warning in `sourceFile.warnings`.
 * @param {string} options.data - Second element returned by validateNode():
 *   "literal" or the dotted member-expression path.
 * @param {object} options.signals - Signals object; only `Skip` is read here.
 * @returns {*} `undefined` for a literal match, `signals.Skip` for a
 *   member-expression match.
 */
function main(node, options) {
  const { sourceFile, data, signals } = options;
  const isLiteralMatch = data === "literal";

  // A literal match carries no path, so the warning value is the literal itself.
  const payload = {
    value: isLiteralMatch ? "__proto__" : data,
    location: node.loc ?? null
  };
  sourceFile.warnings.push(generateWarning("prototype-pollution", payload));

  if (isLiteralMatch) {
    return undefined;
  }

  // NOTE(review): presumably Skip stops the walker from descending into the
  // matched member expression, so its inner parts are not reported a second
  // time; confirm against the probe runner.
  return signals.Skip;
}
// Probe descriptor for the `__proto__` detection: validateNode() selects
// the nodes and main() records the "prototype-pollution" warning.
const isPrototypePollutionProbe = {
  name: "isPrototypePollution",
  validateNode,
  main,
  // NOTE(review): presumably false lets other probes still inspect a node
  // after this one matched; confirm against the probe runner.
  breakOnMatch: false
};

export default isPrototypePollutionProbe;
//# sourceMappingURL=isPrototypePollution.js.map