hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: simplify loop detection

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-06-12 14:56:08 +02:00
parent 2d2468463b
commit 678bb7c128
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
View File

@@ -76,6 +76,6 @@ where
dangerous instanceof RegExpGroup
) and
// don't flag replace operations in a loop
not replace.getReceiver() = replace.getASuccessor+()
not replace.getReceiver().getALocalSource() = replace
select replace, "The replaced string may still contain a substring that starts matching at $@.",
dangerous, dangerous.toString()