allow more flow through .filter()

erik-krogh
2024-03-13 12:03:00 +01:00
parent c190dd21db
commit 129286aa1c
4 changed files with 61 additions and 2 deletions


@@ -36,7 +36,8 @@ module ArrayTaintTracking {
succ = call
)
or
// `array.filter(x => x)` and `array.filter(x => !!x)` keeps the taint
// `array.filter(x => x)` and `array.filter(x => !<something>)` keeps the taint
// the latter is assumed to filter away only specific values, thus keeping the taint
call.(DataFlow::MethodCallNode).getMethodName() = "filter" and
pred = call.getReceiver() and
succ = call and
@@ -47,7 +48,7 @@ module ArrayTaintTracking {
|
param = ret
or
param = DataFlow::exprNode(ret.asExpr().(LogNotExpr).getOperand().(LogNotExpr).getOperand())
ret.asExpr() instanceof LogNotExpr
)
or
// `array.reduce` with tainted value in callback
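Review bot: The new disjunct `ret.asExpr() instanceof LogNotExpr` in the second hunk no longer ties the returned expression to `param`, so every callback that returns a negation keeps the taint. That includes callbacks that validate each element, for example a negated regexp test used as an allow-list check, so queries built on this step may report arrays that were in fact restricted to safe values. The comment added in the first hunk states the assumption but not this cost; I would extend it with something like `// over-approximation: a negated check that validates each element (e.g. a negated RegExp test) still propagates taint`. A test case pinning that behaviour would make it a documented choice; the other three changed files are not visible here, so one may already exist. The enclosing predicate starts and ends outside both hunks, so how `param` and `ret` are bound is not visible.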