JavaScript: Recognize ":" pseudo-directive.

2026-04-30 11:15:13 +02:00 · 2019-10-31 11:37:33 +00:00
parent 6e6dab9ab8
commit 311cbd824c
3 changed files with 7 additions and 0 deletions
--- a/javascript/ql/src/Expressions/UnknownDirective.ql
+++ b/javascript/ql/src/Expressions/UnknownDirective.ql
@@ -13,6 +13,8 @@ import javascript
 from Directive d
 where
  not d instanceof KnownDirective and
+  // ignore ":" pseudo-directive sometimes seen in dual-use shell/node.js scripts
+  not d.getExpr().getStringValue() = ":" and
  // but exclude attribute top-levels: `<a href="javascript:'some-attribute-string'">`
  not d.getParent() instanceof CodeInAttribute
 select d, "Unknown directive: '" + truncate(d.getDirectiveText(), 20, " ... (truncated)") + "'."