hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11853 from erik-krogh/assignMore

Browse Source 
JS: add local flow when recognizing Object.assign calls for library-inputs
This commit is contained in:
Erik Krogh Kristensen
2023-01-10 17:04:29 +01:00
committed by GitHub
parent 72a11e737d 62b69bbd3e
commit 54c780bdf9
4 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/lib/semmle/javascript/PackageExports.qll
View File

@@ -200,7 +200,8 @@ private DataFlow::Node getAValueExportedByPackage() {
or
// Object.assign and friends
exists(ExtendCall assign |
getAValueExportedByPackage() = [assign, assign.getDestinationOperand()] and
getAValueExportedByPackage() = [assign, assign.getDestinationOperand().getALocalSource()]
|
result = assign.getASourceOperand()
)
or