hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

autoformat

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-12-13 11:44:52 +01:00
parent e164f46330
commit 3b2cc4674e
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
View File

@@ -40,9 +40,7 @@ module ExceptionXss {
not isUnlikelyToThrowSensitiveInformation(node) and
(
// in the case of reflective calls the below ensures that both InvokeNodes have no known callee.
forex(DataFlow::InvokeNode call | call.getAnArgument() = node |
not exists(call.getACallee())
)
forex(DataFlow::InvokeNode call | call.getAnArgument() = node | not exists(call.getACallee()))
or
node.asExpr().getEnclosingStmt() instanceof ThrowStmt
or
@@ -75,9 +73,12 @@ module ExceptionXss {
exists(DataFlow::CallNode call | call.getLastArgument().getAFunctionValue() = this) and
this.getNumParameter() = 2 and
errorParameter = this.getParameter(0) and
ifStmt = this.getFunction().getBodyStmt(0) and
ifStmt = this.getFunction().getBodyStmt(0) and
errorParameter.flowsToExpr(ifStmt.getCondition()) and
not ifStmt.getThen().getBasicBlock().getASuccessor*() = this.getFunction().getBodyStmt(1).getBasicBlock()
not ifStmt.getThen().getBasicBlock().getASuccessor*() = this
.getFunction()
.getBodyStmt(1)
.getBasicBlock()
}
DataFlow::Node getErrorParam() { result = errorParameter }