hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1004 from asger-semmle/suffix-check-bug

Browse Source 
JS: Recognize '+' in suffix check
This commit is contained in:
Max Schaefer
2019-02-28 14:23:26 +00:00
committed by GitHub
parent edba24129d 8e8085ea1f
commit 2ecabad553
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
View File

@@ -95,9 +95,9 @@ predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) {
or
isDerivedFromLength(length.getAPredecessor(), operand)
or
exists(SubExpr sub |
isDerivedFromLength(sub.getAnOperand().flow(), operand) and
length = sub.flow()
exists(BinaryExpr expr | expr instanceof SubExpr or expr instanceof AddExpr |
isDerivedFromLength(expr.getAnOperand().flow(), operand) and
length = expr.flow()
)
}