hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Do not track returned values out of the enclosing function

Browse Source
This commit is contained in:
Asger F
2022-10-25 11:27:52 +02:00
parent a3234503b8
commit 414bd40c41
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
View File

@@ -1197,7 +1197,8 @@ private predicate reachesReturn(
exists(DataFlow::Node mid, PathSummary oldSummary, PathSummary newSummary |
flowStep(read, cfg, mid, oldSummary) and
reachesReturn(f, mid, cfg, newSummary) and
summary = oldSummary.append(newSummary)
summary = oldSummary.append(newSummary) and
pragma[only_bind_out](summary).isLevel()
)
}