hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12333 from kaspersv/kaspersv/fix-join-order

Browse Source 
ReflectedXss: Prevent bad join order
This commit is contained in:
Erik Krogh Kristensen
2023-03-01 12:48:30 +01:00
committed by GitHub
parent bb8d195607 86925646f3
commit 64dad3db8a
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
View File

@@ -103,6 +103,12 @@ module ReflectedXss {
)
}
bindingset[headerBlock]
pragma[inline_late]
private predicate doesNotDominateCallback(ReachableBasicBlock headerBlock) {
not exists(Expr e | e instanceof Function | headerBlock.dominates(e.getBasicBlock()))
}
/**
* Holds if the HeaderDefinition `header` seems to be local.
* A HeaderDefinition is local if it dominates exactly one `ResponseSendArgument`.
@@ -122,7 +128,7 @@ module ReflectedXss {
header.getBasicBlock().(ReachableBasicBlock).dominates(sender.getBasicBlock())
) and
// doesn't dominate something that looks like a callback.
not exists(Expr e | e instanceof Function | headerBlock.dominates(e.getBasicBlock()))
doesNotDominateCallback(headerBlock)
)
}