JS: explain sanitizer equivalence

Esben Sparre Andreasen
2018-08-21 09:38:05 +02:00
parent be8a32bb18
commit 2d63524f83


@@ -587,14 +587,14 @@ module TaintTracking {
}
/** A check of the form `if(o.indexOf(x) != -1)`, which sanitizes `x` in its "then" branch. */
/** A check of the form `if(whitelist.indexOf(x) != -1)`, which sanitizes `x` in its "then" branch. */
class IndexOfSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode {
MethodCallExpr indexOf;
override EqualityTest astNode;
IndexOfSanitizer() {
exists (Expr index | astNode.hasOperands(indexOf, index) |
// one operand is of the form `o.indexOf(x)`
// one operand is of the form `whitelist.indexOf(x)`
indexOf.getMethodName() = "indexOf" and
// and the other one is -1
index.getIntValue() = -1
@@ -612,7 +612,11 @@ module TaintTracking {
}
/** A check of the form `if(~o.indexOf(x))`, which sanitizes `x` in its "then" branch. */
/**
* A check of the form `if(~whitelist.indexOf(x))`, which sanitizes `x` in its "then" branch.
*
* This sanitizer is equivalent to `if(whitelist.indexOf(x) != -1)`, since `~n = 0` iff `n = -1`.
*/
class BitwiseIndexOfSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode {
MethodCallExpr indexOf;
override BitNotExpr astNode;
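Review bot: The reworded doc comments on `IndexOfSanitizer` and `BitwiseIndexOfSanitizer` now call the receiver a `whitelist`, but the only receiver-side constraint visible in the first hunk is `indexOf.getMethodName() = "indexOf"`. As far as these lines show, the guard would also match a string receiver, where `indexOf` is a substring test rather than a membership test, or an array that is not a trusted list. Either case would mark `x` as sanitized without a real allow-list check, which means missed taint flows. If nothing outside the hunk restricts the receiver, the comment should state that limitation instead of implying a check, for example `* NOTE: the receiver is not checked to be a whitelist; any call to a method named indexOf is accepted.` Both characteristic predicates continue past the visible lines, so this needs confirming against the full class bodies.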