Refactor Markdown taint steps and update expected results for reflected XSS tests

2026-04-28 18:25:24 +02:00 · 2025-03-10 19:27:36 +01:00
parent 0676c21a4b
commit 13c701948a
5 changed files with 17 additions and 15 deletions
--- a/javascript/ql/lib/ext/markdown-table.model.yml
+++ b/javascript/ql/lib/ext/markdown-table.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - ["markdown-table", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue", "taint"]
--- a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll
@@ -46,19 +46,6 @@ module Markdown {
    }
  }

-  /**
-   * A taint step for the `markdown-table` library.
-   */
-  private class MarkdownTableStep extends MarkdownStep {
-    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(DataFlow::CallNode call | call = DataFlow::moduleImport("markdown-table").getACall() |
-        // TODO: needs a flow summary to ensure ArrayElement content is unfolded
-        succ = call and
-        pred = call.getArgument(0)
-      )
-    }
-  }
-
  /**
   * A taint step for the `showdown` library.
   */