C#: Remove [[ style links from XSS sink explanation
Remove the makeUrl predicate and the [[""|""]] link syntax from AspxCodeSink.explanation(), replacing them with plain text. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@@ -186,13 +186,6 @@ private Expr aspWrittenValue(AspInlineMember m) {
|
||||
m.getMember().(Callable).canReturn(result)
|
||||
}
|
||||
|
||||
private string makeUrl(Location l) {
|
||||
exists(string path, int sl, int sc, int el, int ec |
|
||||
l.hasLocationInfo(path, sl, sc, el, ec) and
|
||||
result = "file://" + path + ":" + sl + ":" + sc + ":" + el + ":" + ec
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* A sink for writes to properties that are accessed in ASP pages.
|
||||
*
|
||||
@@ -208,10 +201,7 @@ private class AspxCodeSink extends Sink {
|
||||
|
||||
AspxCodeSink() { this.getExpr() = aspWrittenValue(inline) }
|
||||
|
||||
override string explanation() {
|
||||
result =
|
||||
"member is [[\"accessed inline\"|\"" + makeUrl(inline.getLocation()) + "\"]] in an ASPX page"
|
||||
}
|
||||
override string explanation() { result = "member is accessed inline in an ASPX page" }
|
||||
}
|
||||
|
||||
/** A sink for the output stream associated with a `HttpListenerResponse`. */
|
||||
|
||||
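Review bot: The plain-text `explanation()` on `AspxCodeSink` no longer carries any pointer to where the member is rendered, so someone triaging the XSS alert cannot tell from the message which ASPX inline expression to inspect for output encoding. If the query's select clause can take an additional `$@` placeholder (it is not visible on this page), reporting `inline` there would keep the location without the `[[...]]` syntax. Failing that, a QLDoc line on the override would record where to look, for example `/** Gets the explanation; the ASPX location is `inline.getLocation()`. */`. The class body starts outside the hunk, so how `inline` is declared and whether the query can reach it is an assumption to confirm.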