add another example of how to fix the prototype pollution issue

erik-krogh · erik-krogh · commit 2ebce99eae85 · 2023-05-15T17:24:02.000+02:00
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp
@@ -48,6 +48,12 @@
   </p>
 
   <sample src="examples/PrototypePollutingAssignmentFixed.js"/>
+
+  <p>
+    Another way to fix it is to prevent the <code>__proto__</code> property from being used as a key, as shown below:
+  </p>
+
+  <sample src="examples/PrototypePollutingAssignmentFixed2.js"/>
   
 </example>
 
diff --git a/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js b/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js
@@ -0,0 +1,16 @@
+let express = require('express');
+let app = express()
+
+app.put('/todos/:id', (req, res) => {
+    let id = req.params.id;
+    if (id === '__proto__' || id === 'constructor' || id === 'prototype') {
+        res.end(403);
+        return;
+    }
+    let items = req.session.todos[id];
+    if (!items) {
+        items = req.session.todos[id] = {};
+    }
+    items[req.query.name] = req.query.text;
+    res.end(200);
+});
