hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add comment about allowImplicitRead in PostMessageStar

Browse Source
This commit is contained in:
Asger F
2024-03-13 11:30:52 +01:00
parent 0a2050bc42
commit 406b080ce3
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll
View File

@@ -34,6 +34,7 @@ module PostMessageStarConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) {
// If an object leaks, all of its properties have leaked
isSink(node) and contents = DataFlow::ContentSet::anyProperty()
}
}