hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

move the ReflectedXss sources/sinks into the Customizations file

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-04-20 10:30:39 +02:00
parent 173e1d0262
commit 162a4992a5
3 changed files with 115 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/semmle/javascript/heuristics/AdditionalSinks.qll
View File

@@ -8,7 +8,7 @@ import javascript
private import SyntacticHeuristics
private import semmle.javascript.security.dataflow.CodeInjectionCustomizations
private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
private import semmle.javascript.security.dataflow.Xss as Xss
private import semmle.javascript.security.dataflow.ReflectedXssCustomizations
private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
private import semmle.javascript.security.dataflow.TaintedPathCustomizations
@@ -40,7 +40,7 @@ private class HeuristicDomBasedXssSink extends HeuristicSink, DomBasedXss::Sink
}
}
private class HeuristicReflectedXssSink extends HeuristicSink, Xss::ReflectedXss::Sink {
private class HeuristicReflectedXssSink extends HeuristicSink, ReflectedXss::Sink {
HeuristicReflectedXssSink() {
isAssignedToOrConcatenatedWith(this, "(?i)(html|innerhtml)") or
isArgTo(this, "(?i)(html|render)") or