Update javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
This commit is contained in:
Erik Krogh Kristensen
2020-12-16 14:57:20 +01:00
committed by GitHub
parent fd0d5c9e46
commit 3d03e7192c

View File

@@ -53,7 +53,7 @@ module IndirectCommandInjection {
// `require("arg")({...spec})` => `{_: [], a: ..., b: ...}`
this = DataFlow::moduleImport("arg").getACall()
or
// https://www.npmjs.com/package/argparse
// `(new (require(argparse)).ArgumentParser({...spec})).parse_args()` => `{a: ..., b: ...}`
this =
API::moduleImport("argparse")
.getMember("ArgumentParser")