JS: Address doc review

asgerf · asgerf · commit fd293d07d7cf · 2020-12-09T09:58:52.000Z
diff --git a/javascript/change-notes/2020-11-25-prototype-pollution.md b/javascript/change-notes/2020-11-25-prototype-pollution.md
@@ -6,6 +6,6 @@ lgtm,codescanning
   This highlights indirect modification of `Object.prototype` via an unsafe `merge` call taking a user-controlled object as argument.
   * The query previously named "Prototype pollution in utility function" (`js/prototype-pollution-utility`) has been renamed to "Prototype-polluting function".
   This query highlights the implementation of an unsafe `merge` function, to ensure a robust API is exposed downstream.
-  * The above queries have been moved to the Security/CWE-915 folder, and tagged with CWE-079, CWE-094, CWE-400, and CWE-915.
+  * The above queries have been moved to the Security/CWE-915 folder, and assigned the following tags: CWE-078, CWE-079, CWE-094, CWE-400, and CWE-915.
   * The query "Type confusion through parameter tampering" (`js/type-confusion-through-parameter-tampering`) now highlights
   ineffective prototype pollution checks that can be bypassed by type confusion.
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
@@ -1,14 +1,15 @@
 /**
  * @name Prototype-polluting assignment
  * @description Modifying an object obtained via a user-controlled property name may
- *              lead to accidental modification of the built-in Object.prototype,
+ *              lead to accidental mutation of the built-in Object prototype,
  *              and possibly escalate to remote code execution or cross-site scripting.
  * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/prototype-polluting-assignment
  * @tags security
  *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
  *       external/cwe/cwe-094
  *       external/cwe/cwe-400
  *       external/cwe/cwe-915
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
@@ -8,6 +8,7 @@
  * @id js/prototype-pollution-utility
  * @tags security
  *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
  *       external/cwe/cwe-094
  *       external/cwe/cwe-400
  *       external/cwe/cwe-915
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
@@ -9,6 +9,7 @@
  * @id js/prototype-pollution
  * @tags security
  *       external/cwe/cwe-078
+ *       external/cwe/cwe-079
  *       external/cwe/cwe-094
  *       external/cwe/cwe-400
  *       external/cwe/cwe-915
