BLXBenchBLXBench UI
blxbench

Benchmark

Misc

DocsOur TestsPassSponsor / Partnership
DocsOur TestsPassSponsor / Partnership
BLXBenchBLXBench UI
blxbench

Benchmark

Suite

Misc

DocsOur TestsPassSponsor / Partnership
DocsOur TestsPassSponsor / Partnership
  1. Home
  2. Our Tests
  3. Debug-Prototype-Pollution-Check-V2
blxbench

Test fixture

Debug-Prototype-Pollution-Check-V2

Debuggingv2 — Resiliencemediumscorer: rubric_json_metrics

Bug fixes, edge conditions, and minimal patch accuracy.

How it is scored

The model receives the prompt (and optional system message). The run uses scorer rubric_json_metrics with the JSON configuration below. Pass/fail and partial credit are determined entirely by that scorer against the model output; no human grading.

User prompt
Return JSON only with keys diagnosis, fix, tests. A permissions check calls obj.hasOwnProperty('admin') directly on an untrusted user-supplied object; an attacker supplies an object whose __proto__ overrides hasOwnProperty to always return true, bypassing the check. Identify the prototype pollution vector and fix it.
Scorer config
{
  "metrics": {
    "repro": {
      "checks": [
        {
          "contains": [
            "hasOwnProperty"
          ]
        },
        {
          "contains": [
            "__proto__"
          ]
        },
        {
          "contains": [
            "untrusted"
          ]
        },
        {
          "contains": [
            "bypass"
          ]
        }
      ]
    },
    "hidden": {
      "checks": [
        {
          "contains": [
            "Object.prototype.hasOwnProperty.call"
          ]
        },
        {
          "contains": [
            "Object.hasOwn"
          ]
        },
        {
          "contains": [
            "null prototype"
          ]
        }
      ]
    },
    "diagnose": {
      "checks": [
        {
          "contains": [
            "prototype pollution"
          ]
        },
        {
          "contains": [
            "poisoned prototype"
          ]
        },
        {
          "contains": [
            "unsafe hasOwnProperty"
          ]
        }
      ]
    }
  }
}
Run parameters

temperature

0

max_tokens

420

timeout (s)

120

type

scored

file

debug-prototype-pollution-check-v2.json

← PreviousDebug-Promise-Not-Awaited-V2
|
Next →Debug-Prototype-Pollution-Merge-V2

BLXBench

Community driven leaderboardPublic benchmark runner — run in your environment, share results with the community.

© 2026 BLXBench by bitslix.com

ProvenanceAggregated from user runs
Scope43 / 11 / 490
Latestrun_7730ad / 459 / $0.00
TermsPrivacy