hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

use ConcatenationNode::isCoercion

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-09-08 13:15:17 +02:00
parent 2dedfb302a
commit 1243c736dd
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
View File

@@ -34,10 +34,7 @@ class Configuration extends TaintTracking::Configuration {
// Concatenating with a string will in practice prevent the string `__proto__` from arising.
exists(StringOps::ConcatenationRoot root | node = root |
// Exclude the string coercion `"" + node` from this filter.
not (
strictcount(root.getALeaf()) = 2 and
root.getALeaf().getStringValue() = ""
)
not node.(StringOps::ConcatenationNode).isCoercion()
)
}