JS: analyze assignments in with correctly

2026-04-29 10:45:15 +02:00 · 2019-02-25 15:31:53 +01:00
parent 047b69a4c2
commit 0d94fe3f54
1 changed files with 5 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/dataflow/CapturedNodes.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/CapturedNodes.qll
@@ -20,7 +20,11 @@ private predicate isEscape(DataFlow::Node escape, string cause) {
  or
  escape = any(ExportDeclaration e).getSourceNode(_) and cause = "export"
  or
-  any(WithStmt with).mayAffect(escape.asExpr()) and cause = "heap"
+  exists (WithStmt with, Assignment assign |
+    with.mayAffect(assign.getLhs()) and
+    assign.getRhs().flow() = escape and
+    cause = "heap"
+  )
 }

 private DataFlow::Node getAnEscape() {