hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: remove restriction on truncate calls

Browse Source
This commit is contained in:
Asger F
2019-02-25 17:00:47 +00:00
parent d70d0e21cc
commit 29de1411b7
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/semmle/javascript/frameworks/ClosureLibrary.qll
View File

@@ -35,16 +35,14 @@ module ClosureLibrary {
name = "trim" or
name = "trimLeft" or
name = "trimRight" or
name = "truncate" or
name = "truncateMiddle" or
name = "unescapeEntities" or
name = "urlDecode" or
name = "urlEncode" or
name = "whitespaceEscape"
)
or
(name = "truncate" or name = "truncateMiddle") and
pred = getArgument(0) and
not getArgument(1).getIntValue() < 8 // length of <script>
or
name = "unescapeEntitiesWithDocument" and
pred = getArgument(0)
)