# Class/Attribute Pollution

- ID: python-class-pollution
- Severity: HIGH
- CWE: Mass Assignment (CWE-915)
- Languages: Python

## Description

Detects unsafe modification of class attributes or object `__dict__` using user input.

## Remediation

Whitelist allowed attributes before using `setattr`.

```python
ALLOWED_ATTRS = {"username", "email"}
if key in ALLOWED_ATTRS:
    setattr(user, key, value)
```

Learn more: https://shoulder.dev/learn/python/cwe-915/class-pollution

## Related Rules

- **Django Mass Assignment Vulnerability** [HIGH]:
- **Prisma Mass Assignment Vulnerability** [CRITICAL]:
- **Serializer/Form Exposes Privilege Fields** [HIGH]:
- **TypeORM Mass Assignment Vulnerability** [CRITICAL]:
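
The pattern this rule flags, next to the allowlist fix from the Remediation section, as an added example that is not part of the rule's own documentation. The `User` model, its `is_admin` field, the function names and the sample request body are assumptions constructed for illustration; the example also goes one step beyond the remediation snippet by pairing each allowed attribute with an expected type.

```python
from dataclasses import dataclass


# Assumed model and field names, constructed for this example.
@dataclass
class User:
    username: str
    email: str
    is_admin: bool = False


# Allowlist from the remediation, extended with an expected type per attribute.
ALLOWED_ATTRS = {"username": str, "email": str}


def update_unsafe(user, data):
    """Flagged pattern: every user-supplied key becomes an attribute."""
    for key, value in data.items():
        setattr(user, key, value)


def update_safe(user, data):
    """Apply only allowlisted attributes; return the keys that were rejected."""
    rejected = []
    for key, value in data.items():
        expected = ALLOWED_ATTRS.get(key) if isinstance(key, str) else None
        if expected is None or not isinstance(value, expected):
            rejected.append(key)  # caller can log these for detection
            continue
        setattr(user, key, value)
    return rejected


# Constructed request body: one legitimate field plus keys a client must never set.
SAMPLE_BODY = {"email": "new@example.test", "is_admin": True, "__class__": "x"}


def demo():
    exposed = User("alice", "alice@example.test")
    update_unsafe(exposed, {"email": "new@example.test", "is_admin": True})
    hardened = User("alice", "alice@example.test")
    rejected = update_safe(hardened, SAMPLE_BODY)
    return exposed.is_admin, hardened.is_admin, hardened.email, rejected


if __name__ == "__main__":
    print(demo())
```

Returning the rejected keys rather than silently dropping them gives the caller something to log, so repeated attempts to set privileged or dunder attributes show up in monitoring.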