hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

Browse Source 
Co-authored-by: Asger F <asgerf@github.com>
This commit is contained in:
Napalys Klicius
2025-03-17 10:13:00 +01:00
committed by Napalys
parent 4a691b778b
commit 478e32cbe5
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
View File

@@ -892,10 +892,13 @@ module TaintedPath {
TaintTracking::uriStep(node1, node2)
or
exists(DataFlow::CallNode decode |
decode.getCalleeName() = "decodeURIComponent" or
decode.getCalleeName() = "decodeURI" or
decode.getCalleeName() = "escape" or
decode.getCalleeName() = "unescape"
decode =
DataFlow::globalVarRef([
"decodeURIComponent",
"decodeURI",
"escape",
"unescape"
]).getACall()
|
node1 = decode.getArgument(0) and
node2 = decode