hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

remove FP from js/regexpinjection where no regexp was constructed

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-12-16 16:36:58 +01:00
parent 5a6a2e8a68
commit 15d74b7d03
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js
View File

@@ -50,4 +50,13 @@ app.get('/findKey', function(req, res) {
URI(`${protocol}://${host}${path}`).search(input); // OK, but still flagged
URI(`${protocol}://${host}${path}`).search(input).href(); // OK
unknown.search(input).unknown; // OK
});
import * as Search from './search';
app.get('/findKey', function(req, res) {
var key = req.param("key"), input = req.param("input");
Search.search(input); // OK!
});

6
javascript/ql/test/query-tests/Security/CWE-730/search.js Normal file
View File

@@ -0,0 +1,6 @@
module.someOtherExport = true;
export function search(query) {
// Do nothing!
}