JS/CommandInjectionQuery

javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql javascript/ql/src/Security/CWE-078/CommandInjection.ql
2025-12-16 16:53:25 +01:00 · 2025-10-10 17:30:59 +02:00
parent f24a6f64ab
commit 2a30ea923a
1 changed files with 3 additions and 2 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll
@@ -34,8 +34,9 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
  predicate observeDiffInformedIncrementalMode() { any() }

  Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(DataFlow::Node node |
-      isSinkWithHighlight(sink, node) and
+    exists(DataFlow::Node node | isSinkWithHighlight(sink, node) |
+      result = sink.getLocation()
+      or
      result = node.getLocation()
    )
  }