hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix additional taint step variables

Browse Source
This commit is contained in:
jorgectf
2021-11-09 14:41:35 +01:00
parent c0a0c5d811
commit 5b46b90e10
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/experimental/semmle/python/security/dataflow/ReflectedXSS.qll
View File

@@ -26,7 +26,7 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
guard instanceof StringConstCompare
}
override predicate isAdditionalTaintStep(DataFlow::Node nodeTo, DataFlow::Node nodeFrom) {
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(DataFlow::CallCfgNode htmlContentCall |
htmlContentCall =
API::moduleImport("sendgrid")
@@ -34,8 +34,8 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
.getMember("mail")
.getMember("HtmlContent")
.getACall() and
nodeFrom = htmlContentCall and
nodeTo = htmlContentCall.getArg(0)
nodeTo = htmlContentCall and
nodeFrom = htmlContentCall.getArg(0)
)
}
}