Merge pull request #10390 from erik-krogh/unmentionedGuard

QL: add unmentioned guard class query
2026-04-29 10:45:15 +02:00 · 2022-09-13 11:04:13 +02:00
parent 86417cec34 a567c132c1
commit 2739b9cfd8
3 changed files with 31 additions and 2 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
@@ -75,7 +75,7 @@ class Configuration extends TaintTracking::Configuration {
  }

  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
-    guard instanceof PrefixStringSanitizer or
+    guard instanceof PrefixStringSanitizerActivated or
    guard instanceof QuoteGuard or
    guard instanceof ContainsHtmlGuard
  }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
@@ -43,7 +43,8 @@ class Configration extends TaintTracking::Configuration {
  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
    guard instanceof PrefixStringSanitizer or
    guard instanceof QuoteGuard or
-    guard instanceof ContainsHtmlGuard
+    guard instanceof ContainsHtmlGuard or
+    guard instanceof TypeTestGuard
  }
 }