hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Recognize calls to .item and .namedItem

Browse Source
This commit is contained in:
Asger Feldthaus
2020-06-01 14:18:14 +01:00
parent 696d19cb14
commit 42f32bf76c
3 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/DOM.qll
View File

@@ -340,6 +340,9 @@ module DOM {
t.start() and
result = domValueSource()
or
t.start() and
result = domValueRef().getAMethodCall(["item", "namedItem"])
or
exists(DataFlow::TypeTracker t2 | result = domValueRef(t2).track(t2, t))
}

3
javascript/ql/test/library-tests/DOM/Customizations.expected
View File

@@ -1,8 +1,11 @@
test_documentRef
| customization.js:2:13:2:31 | customGetDocument() |
| nameditems.js:1:1:1:8 | document |
test_locationRef
| customization.js:3:3:3:14 | doc.location |
test_domValueRef
| customization.js:4:3:4:28 | doc.get ... 'test') |
| nameditems.js:1:1:1:30 | documen ... ('foo') |
| nameditems.js:1:1:2:19 | documen ... em('x') |
| tst.js:49:3:49:8 | window |
| tst.js:50:3:50:8 | window |

2
javascript/ql/test/library-tests/DOM/nameditems.js Normal file
View File

@@ -0,0 +1,2 @@
document.getElementById('foo')
.namedItem('x');