# Prototype Pollution Gadget - Unsafe Property Trust

- ID: javascript-prototype-pollution-gadget
- Severity: MEDIUM
- CWE: Prototype Pollution (CWE-1321)
- Languages: JavaScript, TypeScript
- Frameworks: nodejs, express, fastify, koa, nestjs, nextjs

## Description

Detects authorization checks that read a property (for example `user.isAdmin`) without verifying that it is an own property of the object. A plain property read walks the prototype chain, so if `Object.prototype` has been polluted elsewhere in the application (typically through an unsafe recursive merge, clone, or query-string parser that honours a `__proto__` key), every object that lacks its own copy of the property inherits the attacker's value and the check passes for users it should reject. The flagged check is the gadget, not the pollution sink: fixing it limits the blast radius of a pollution bug, but the sink still needs to be fixed as well.

## Detection Message

Authorization check at line {line} trusts a property that could be inherited from a polluted prototype. If Object.prototype is polluted elsewhere, this check could be bypassed.

## Remediation

Use Object.hasOwn() to verify the property is an own property of the object rather than one inherited from the prototype chain, and compare against the exact expected value rather than relying on truthiness.

```javascript
if (Object.hasOwn(user, 'isAdmin') && user.isAdmin === true) {
  grantAccess();
}
```

`Object.hasOwn()` is ES2022 and available from Node.js 16.9; on older runtimes use `Object.prototype.hasOwnProperty.call(user, 'isAdmin')` instead. This check does not help if the `user` object itself was assembled from untrusted input (mass assignment), which is a separate problem.

Learn more: https://shoulder.dev/learn/javascript/cwe-1321/prototype-pollution-gadget

## Related Rules

- **Prototype Pollution via Object Manipulation** [HIGH]:
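The following is an added, runnable illustration of the gadget this rule flags and of the remediation above; it is not code from the rule page or from the shoulder.dev project. It simulates the pollution sink with a hypothetical `unsafeMerge()` that does not guard the `__proto__` key, polluted by a constructed attacker JSON body, and compares a naive `user.isAdmin` check against the `Object.hasOwn()` form. The function names `canAccessNaive`, `canAccessSafe`, `unsafeMerge` and `demo` are assumptions made for this example.

```javascript
// Added example, not part of the original rule documentation.
// Shows why an authorization check that reads `user.isAdmin` directly is a
// prototype pollution gadget, and why Object.hasOwn() closes it.

// Portable own-property check: Object.hasOwn() on Node >= 16.9, with the
// hasOwnProperty.call() fallback for older runtimes.
const hasOwn =
  Object.hasOwn ?? ((obj, key) => Object.prototype.hasOwnProperty.call(obj, key));

// Vulnerable gadget: any `isAdmin` reachable through the prototype chain
// is trusted (this is the pattern the rule reports).
function canAccessNaive(user) {
  return Boolean(user.isAdmin);
}

// Hardened gadget: only an own property with the exact expected value counts.
function canAccessSafe(user) {
  return hasOwn(user, 'isAdmin') && user.isAdmin === true;
}

// Hypothetical pollution sink living "elsewhere" in the app: a recursive
// merge that treats "__proto__" like any other key (classic CWE-1321 source).
// Deliberately unsafe so the gadget can be demonstrated.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (typeof value === 'object' && value !== null) {
      // target["__proto__"] resolves to Object.prototype here, so the
      // recursion writes attacker keys onto every plain object.
      if (typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Ordinary user record with no own isAdmin property.
  const user = { name: 'alice' };
  const before = { naive: canAccessNaive(user), safe: canAccessSafe(user) };

  // Constructed attacker-controlled request body (e.g. a JSON profile update).
  // JSON.parse() creates an own "__proto__" key, which Object.keys() returns.
  const payload = JSON.parse('{"profile":{"__proto__":{"isAdmin":true}}}');
  unsafeMerge({}, payload); // side effect: Object.prototype.isAdmin === true

  const after = { naive: canAccessNaive(user), safe: canAccessSafe(user) };
  const leaked = ({}).isAdmin === true; // every plain object now "is admin"

  // Undo the pollution so the rest of the process is unaffected.
  delete Object.prototype.isAdmin;
  return { before, after, leaked };
}

console.log(JSON.stringify(demo()));
// Expected: {"before":{"naive":false,"safe":false},"after":{"naive":true,"safe":false},"leaked":true}
```

After the merge runs, `canAccessNaive` grants access to `alice` even though her record never had an `isAdmin` field, while `canAccessSafe` keeps rejecting her and still accepts a genuine `{ isAdmin: true }` record. Treat the `hasOwn` change as defence in depth: the merge itself must also skip `__proto__`, `constructor` and `prototype` keys (or build its targets with `Object.create(null)`), and Node's `--disable-proto=delete` flag removes the `__proto__` accessor as an additional process-wide hardening.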