hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: ReactPropStep

Browse Source
This commit is contained in:
Asger Feldthaus
2020-03-27 15:22:56 +00:00
parent 317a073b6e
commit 0fa66acdb8
1 changed files with 4 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -403,22 +403,16 @@ module TaintTracking {
* taint to flow from `v` to any read of `c2.props.p`, where `c2`
* also is an instance of `C`.
*/
private class ReactComponentPropsTaintStep extends AdditionalTaintStep {
DataFlow::Node source;
ReactComponentPropsTaintStep() {
private class ReactComponentPropsTaintStep extends SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(ReactComponent c, string name, DataFlow::PropRead prn |
prn = c.getAPropRead(name) or
prn = c.getAPreviousPropsSource().getAPropertyRead(name)
|
source = c.getACandidatePropsValue(name) and
this = prn
pred = c.getACandidatePropsValue(name) and
succ = prn
)
}
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
pred = source and succ = this
}
}
/**