Install: claude install-skill Liaabnormal676/find-cve-agent
# Method Clobbering Detection
## When to Use
Audit CSV/form/query string parsers that create plain objects from untrusted input where the attacker can control property names (keys), not just values.
## Key Insight
When a parser creates a plain object `{}` from user input, the attacker can set keys like `toString`, `valueOf`, `hasOwnProperty` to non-function values. Any code that later calls these methods on the object will throw a TypeError.
**Important**: JSON.parse can do the same thing. You MUST show why the library-specific clobbering is worse than what JSON.parse enables. Show a REAL crash path, not just theoretical property overwrite.
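An added example, not part of this skill or of any real library: a constructed query-string parser (`parseQueryNaive`) and a helper (`crashPaths`), both hypothetical names, that report which consumer operations throw once `toString` and `hasOwnProperty` arrive as attacker-set strings. It also runs call forms that take the method from `Object.prototype`, and the `JSON.parse` baseline for the same keys.

```javascript
// Hypothetical parser (constructed for this example): "k=v&k=v" -> plain object.
function parseQueryNaive(qs) {
  const out = {}; // inherits toString, hasOwnProperty, ... from Object.prototype
  for (const pair of qs.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
    // An own property with an attacker-chosen name shadows the inherited method.
    out[key] = i < 0 ? '' : decodeURIComponent(pair.slice(i + 1));
  }
  return out;
}

// Consumer operations that look the method up on the untrusted object.
const unsafeOps = {
  'obj.hasOwnProperty(k)': (o) => o.hasOwnProperty('id'),
  'obj.toString()': (o) => o.toString(),
  'obj + ""': (o) => o + '',
};

// Equivalents that take the method from Object.prototype instead.
const safeOps = {
  'hasOwnProperty.call(obj, k)': (o) => Object.prototype.hasOwnProperty.call(o, 'id'),
  'toString.call(obj)': (o) => Object.prototype.toString.call(o),
};

// Run each operation and return the names of those that throw TypeError.
function crashPaths(obj, ops) {
  const crashed = [];
  for (const [name, op] of Object.entries(ops)) {
    try {
      op(obj);
    } catch (err) {
      if (!(err instanceof TypeError)) throw err;
      crashed.push(name);
    }
  }
  return crashed;
}

// Constructed sample inputs.
const benign = parseQueryNaive('id=7&name=alice');
const clobbered = parseQueryNaive('id=7&toString=x&hasOwnProperty=y');
// JSON.parse baseline for the same keys, for the comparison the note above asks for.
const jsonBaseline = JSON.parse('{"id":"7","toString":"x","hasOwnProperty":"y"}');

console.log('benign, unsafe ops   :', crashPaths(benign, unsafeOps));
console.log('clobbered, unsafe ops:', crashPaths(clobbered, unsafeOps));
console.log('clobbered, safe ops  :', crashPaths(clobbered, safeOps));
console.log('JSON.parse baseline  :', crashPaths(jsonBaseline, unsafeOps));
```

The baseline producing the same crash list is the starting point for a finding: the report still has to show a crash path inside the library under audit.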
## Dangerous Keys
| Key | Normal Type | Effect When Clobbered |
|-----|------------|----------------------|
| `toString` | Function | `obj + ""` throws TypeError |
| `valueOf` | Function | `obj == x` or coercion throws TypeError |
| `hasOwnProperty` | Function | `obj.hasOwnProperty(k)` throws TypeError |
| `constructor` | Function | Type checks fail |
| `__proto__` | Object | Prototype pollution (see prototype-pollution skill) |
| `__defineGetter__` | Function | Legacy getter/setter manipulation |
| `__defineSetter__` | Function | Legacy getter/setter manipulation |
| `__lookupGetter__` | Function | Legacy getter/setter introspection |
| `toJSON` | undefined | `JSON.stringify(obj)` throws TypeError |
| `then` | undefined | `await obj` or Promise.resolve(obj) treats obj as thenable |
## Process
### Step 1: Find Parsers That Create