fix FP in js/path-injection by recognizing more prefix checks

Erik Krogh Kristensen
2020-01-31 10:55:29 +01:00
parent f8d0b4e602
commit 279c584bb8
5 changed files with 19 additions and 15 deletions


@@ -47,25 +47,13 @@ abstract class EnumeratedPropName extends DataFlow::Node {
*/
abstract DataFlow::Node getSourceObject();
/**
* Gets a local reference of the source object.
*/
SourceNode getASourceObjectRef() {
exists(SourceNode root, string path |
getSourceObject() = AccessPath::getAReferenceTo(root, path) and
result = AccessPath::getAReferenceTo(root, path)
)
or
result = getSourceObject().getALocalSource()
}
/**
* Gets a property read that accesses the corresponding property value in the source object.
*
* For example, gets `src[key]` in `for (var key in src) { src[key]; }`.
*/
PropRead getASourceProp() {
result = getASourceObjectRef().getAPropertyRead() and
result = AccessPath::getASourceAccess(getSourceObject()).getAPropertyRead() and
result.getPropertyNameExpr().flow().getImmediatePredecessor*() = this
}
}
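Review bot: The fallback `result = getSourceObject().getALocalSource()` from the removed `getASourceObjectRef()` may be lost in `getASourceProp`, because the replacement `AccessPath::getASourceAccess(getSourceObject())` is defined outside this hunk and its coverage cannot be checked here. If the helper only follows access paths, property reads on source objects that have no access path stop matching, and for a security query that shows up as silently missed findings rather than as a failure. It would help to confirm that the helper keeps the local-source case and to add a test in which the enumerated object is not reachable through an access path, for example the result of a call. The doc comment on `getASourceProp` could also state how references are resolved, e.g. `* References to the source object are found via AccessPath::getASourceAccess.` The class `EnumeratedPropName` begins above the hunk.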