hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

support jQuery().get() returning a DOM node

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-04-03 11:48:10 +02:00
parent dd9aec056c
commit 55edfed1ee
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/src/semmle/javascript/DOM.qll
View File

@@ -4,6 +4,7 @@
import javascript
import semmle.javascript.frameworks.Templating
private import semmle.javascript.dataflow.InferredTypes
module DOM {
/**
@@ -292,10 +293,18 @@ module DOM {
private class DefaultRange extends Range {
DefaultRange() {
this.asExpr().(VarAccess).getVariable() instanceof DOMGlobalVariable or
this = domValueRef().getAPropertyRead() or
this = domElementCreationOrQuery() or
this.asExpr().(VarAccess).getVariable() instanceof DOMGlobalVariable
or
this = domValueRef().getAPropertyRead()
or
this = domElementCreationOrQuery()
or
this = domElementCollection()
or
exists(JQuery::MethodCall call | this = call and call.getMethodName() = "get" |
call.getNumArgument() = 1 and
forex(InferredType t | t = call.getArgument(0).analyze().getAType() | t = TTNumber())
)
}
}
}