JS: Autoformat

2026-05-03 20:58:03 +02:00 · 2021-08-09 10:49:50 +02:00
parent 6ef83f8015
commit 1074d409fb
2 changed files with 14 additions and 9 deletions
--- a/javascript/ql/src/semmle/javascript/security/TaintedUrlSuffix.qll
+++ b/javascript/ql/src/semmle/javascript/security/TaintedUrlSuffix.qll
@@ -2,6 +2,7 @@
 * Provides a flow label for reasoning about URLs with a tainted query and fragment part,
 * which we collectively refer to as the "suffix" of the URL.
 */
+
 import javascript

 /**
@@ -17,9 +18,7 @@ module TaintedUrlSuffix {
   * Can also be accessed using `TaintedUrlSuffix::label()`.
   */
  class TaintedUrlSuffixLabel extends FlowLabel {
-    TaintedUrlSuffixLabel() {
-      this = "tainted-url-suffix"
-    }
+    TaintedUrlSuffixLabel() { this = "tainted-url-suffix" }
  }

  /**
@@ -30,7 +29,7 @@ module TaintedUrlSuffix {
  /** Holds for `pred -> succ` is a step of form `x -> x.p` */
  private predicate isSafeLocationProp(DataFlow::PropRead read) {
    // Ignore properties that refer to the scheme, domain, port, auth, or path.
-    exists (string name | name = read.getPropertyName() |
+    exists(string name | name = read.getPropertyName() |
      name = "protocol" or
      name = "scheme" or
      name = "host" or
@@ -86,10 +85,14 @@ module TaintedUrlSuffix {
        name = "get"
        or
        // Methods on URL objects from the Closure library
-        name = "getDecodedQuery" or
-        name = "getFragment" or
-        name = "getParameterValue" or
-        name = "getParameterValues" or
+        name = "getDecodedQuery"
+        or
+        name = "getFragment"
+        or
+        name = "getParameterValue"
+        or
+        name = "getParameterValues"
+        or
        name = "getQueryData"
      )
      or
--- a/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll
@@ -80,7 +80,9 @@ module DomBasedXss {
      guard instanceof SanitizerGuard
    }

-    override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl) {
+    override predicate isAdditionalFlowStep(
+      DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
+    ) {
      TaintedUrlSuffix::step(src, trg, inlbl, outlbl)
      or
      exists(DataFlow::Node operator |