Merge pull request #750 from aschackmull/javascript/autoformat

Approved by xiemaisi
2026-04-28 18:25:24 +02:00 · 2019-01-11 16:35:38 +00:00
parent dcdbc00430 db9407bae5
commit 04c15028ab
475 changed files with 1727 additions and 1838 deletions
--- a/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
+++ b/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
@@ -17,11 +17,9 @@ from DifferentKindsComparison cmp, DataFlow::Node lSource, DataFlow::Node rSourc
 where
  lSource = cmp.getLSource() and
  rSource = cmp.getRSource() and
-  not (
-    // Standard names for the double submit cookie pattern (CSRF protection)
-    exists(DataFlow::PropRead s | s = lSource or s = rSource |
-      s.getPropertyName().regexpMatch("(?i).*(csrf|state|token).*")
-    )
+  // Standard names for the double submit cookie pattern (CSRF protection)
+  not exists(DataFlow::PropRead s | s = lSource or s = rSource |
+    s.getPropertyName().regexpMatch("(?i).*(csrf|state|token).*")
  )
 select cmp,
  "This comparison of $@ and $@ is a potential security risk since it is controlled by the user.",