hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove FP from js/regexpinjection where no regexp was constructed

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-12-16 16:36:58 +01:00
parent 5a6a2e8a68
commit 15d74b7d03
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/Regexp.qll
View File

@@ -810,7 +810,8 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) {
// The argument of a call that coerces the argument to a regular expression.
exists(MethodCallExpr mce, string methodName |
mce.getReceiver().analyze().getAType() = TTString() and
mce.getMethodName() = methodName
mce.getMethodName() = methodName and
not exists(DataFlow::FunctionNode func | func = DataFlow::valueNode(mce.getCallee()).getAFunctionValue() | not func.getFunction().inExternsFile())
|
methodName = "match" and source.asExpr() = mce.getArgument(0) and mce.getNumArgument() = 1
or