mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
JS: Use hasUnderlyingStringOrAnyType in Nest model
This commit is contained in:
@@ -318,14 +318,6 @@ module NestJS {
|
||||
}
|
||||
}
|
||||
|
||||
private predicate isStringType(Type type) {
|
||||
type instanceof StringType
|
||||
or
|
||||
type instanceof AnyType
|
||||
or
|
||||
isStringType(type.(PromiseType).getElementType().unfold())
|
||||
}
|
||||
|
||||
/**
|
||||
* A return value from a route handler, seen as an argument to `res.send()`.
|
||||
*
|
||||
@@ -344,10 +336,10 @@ module NestJS {
|
||||
ReturnValueAsResponseSend() {
|
||||
handler.isReturnValueReflected() and
|
||||
this = handler.getAReturn() and
|
||||
// Only returned strings are sinks
|
||||
not exists(Type type |
|
||||
type = this.asExpr().getType() and
|
||||
not isStringType(type.unfold())
|
||||
// Only returned strings are sinks. If we can find a type for the return value, it must be string-like.
|
||||
not exists(NameResolution::Node type |
|
||||
TypeResolution::valueHasType(this.asExpr(), type) and
|
||||
not TypeResolution::hasUnderlyingStringOrAnyType(type)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -71,6 +71,9 @@ responseSendArgument
|
||||
| local/customPipe.ts:37:16:37:31 | '' + unsanitized |
|
||||
| local/customPipe.ts:42:16:42:31 | '' + unsanitized |
|
||||
| local/customPipe.ts:48:16:48:31 | '' + unsanitized |
|
||||
| local/routes.ts:7:12:7:16 | 'foo' |
|
||||
| local/routes.ts:12:12:12:16 | 'foo' |
|
||||
| local/routes.ts:17:12:17:16 | 'foo' |
|
||||
| local/routes.ts:32:31:32:31 | x |
|
||||
| local/routes.ts:33:31:33:38 | queryObj |
|
||||
| local/routes.ts:34:31:34:34 | name |
|
||||
|
||||
Reference in New Issue
Block a user