hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 23:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Rename a predicate in CommandInjection.qll.

Browse Source
This commit is contained in:
Max Schaefer
2018-08-29 15:37:35 +01:00
parent f3239cbec9
commit 4e4ef520ab
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/Security/CWE-078/CommandInjection.ql
View File

@@ -17,5 +17,8 @@ import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
where cfg.hasFlow(source, sink) and
if cfg.isSink(sink, _) then cfg.isSink(sink, highlight) else highlight = sink
if cfg.isSinkWithHighlight(sink, _) then
cfg.isSinkWithHighlight(sink, highlight)
else
highlight = sink
select highlight, "This command depends on $@.", source, "a user-provided value"