hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

use mayHaveBooleanValue

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-04-15 20:06:21 +02:00
parent 13d915927b
commit 19c5889775
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/frameworks/Markdown.qll
View File

@@ -126,8 +126,7 @@ private class MarkdownItStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode renderer, API::CallNode call |
renderer = API::moduleImport("markdown-it").getACall() and
renderer.getParameter(0).getMember("html").getARhs().asExpr().(BooleanLiteral).getValue() =
"true" and
renderer.getParameter(0).getMember("html").getARhs().mayHaveBooleanValue(true) and
call = renderer.getReturn().getMember(["render", "renderInline"]).getACall()
|
succ = call and