mirror of
https://github.com/github/codeql.git
synced 2026-07-03 10:35:29 +02:00
Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
Remove [[ link syntax from C# XSS sink
This commit is contained in:
@@ -186,13 +186,6 @@ private Expr aspWrittenValue(AspInlineMember m) {
|
||||
m.getMember().(Callable).canReturn(result)
|
||||
}
|
||||
|
||||
private string makeUrl(Location l) {
|
||||
exists(string path, int sl, int sc, int el, int ec |
|
||||
l.hasLocationInfo(path, sl, sc, el, ec) and
|
||||
result = "file://" + path + ":" + sl + ":" + sc + ":" + el + ":" + ec
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* A sink for writes to properties that are accessed in ASP pages.
|
||||
*
|
||||
@@ -208,10 +201,7 @@ private class AspxCodeSink extends Sink {
|
||||
|
||||
AspxCodeSink() { this.getExpr() = aspWrittenValue(inline) }
|
||||
|
||||
override string explanation() {
|
||||
result =
|
||||
"member is [[\"accessed inline\"|\"" + makeUrl(inline.getLocation()) + "\"]] in an ASPX page"
|
||||
}
|
||||
override string explanation() { result = "member is accessed inline in an ASPX page" }
|
||||
}
|
||||
|
||||
/** A sink for the output stream associated with a `HttpListenerResponse`. */
|
||||
|
||||
Reference in New Issue
Block a user