hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix: Ensure toSpliced is flagged by taint tracking in test suite (ed44358143)

Browse Source
This commit is contained in:
Napalys
2024-11-13 15:58:20 +01:00
parent ed44358143
commit 2df3d1b251
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/lib/semmle/javascript/Arrays.qll
View File

@@ -81,6 +81,11 @@ module ArrayTaintTracking {
pred = call.getArgument(any(int i | i >= 2)) and
succ.(DataFlow::SourceNode).getAMethodCall("splice") = call
or
// `array.toSpliced(x, y, source())`: if `source()` is tainted, then so is the result of `toSpliced`, but not the original array.
call.(DataFlow::MethodCallNode).getMethodName() = "toSpliced" and
pred = call.getArgument(any(int i | i >= 2)) and
succ = call
or
// `array.splice(i, del, ...e)`: if `e` is tainted, then so is `array`.
pred = call.getASpreadArgument() and
succ.(DataFlow::SourceNode).getAMethodCall("splice") = call