hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Now BadHtmlSanitizers also flags new RegExp as potential issue

Browse Source
This commit is contained in:
Napalys
2024-11-26 09:20:34 +01:00
parent 41f21d429b
commit 38be0e4c0a
3 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
View File

@@ -74,7 +74,7 @@ private StringReplaceCall getAStringReplaceMethodCall(StringReplaceCall n) {
module HtmlSanitization {
private predicate fixedGlobalReplacement(StringReplaceCallSequence chain) {
forall(StringReplaceCall member | member = chain.getAMember() |
member.isGlobal() and member.getArgument(0) instanceof DataFlow::RegExpLiteralNode
member.isGlobal() and member.getArgument(0) instanceof DataFlow::RegExpCreationNode
)
}