JS: JsonParserTaintStep

2026-04-28 10:15:14 +02:00 · 2020-03-27 15:29:02 +00:00
parent 301b5e6556
commit 107569ef41
1 changed files with 5 additions and 7 deletions
--- a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -579,14 +579,12 @@ module TaintTracking {
  /**
   * A taint propagating data flow edge arising from JSON parsing.
   */
-  private class JsonParserTaintStep extends AdditionalTaintStep, DataFlow::CallNode {
-    JsonParserCall call;
-
-    JsonParserTaintStep() { this = call }
-
+  private class JsonParserTaintStep extends SharedTaintStep {
    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      pred = call.getInput() and
-      succ = call.getOutput()
+      exists(JsonParserCall call |
+        pred = call.getInput() and
+        succ = call.getOutput()
+      )
    }
  }