hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Make implicit this receivers explicit

Browse Source
This commit is contained in:
Kasper Svendsen
2023-05-03 15:31:00 +02:00
parent ea75996932
commit 67950c8e6b
125 changed files with 1061 additions and 1002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
View File

@@ -46,7 +46,7 @@ module UnsafeJQueryPlugin {
{
AmbiguousHtmlOrSelectorArgument() {
// any fixed prefix makes the call unambiguous
not exists(getAPrefix())
not exists(this.getAPrefix())
}
}
@@ -91,12 +91,12 @@ module UnsafeJQueryPlugin {
if method.getAParameter().getName().regexpMatch(optionsPattern)
then (
// use the last parameter named something like "options" if it exists ...
getName().regexpMatch(optionsPattern) and
this.getName().regexpMatch(optionsPattern) and
this = method.getAParameter()
) else (
// ... otherwise, use the last parameter, unless it looks like a DOM node
this = method.getLastParameter() and
not getName().regexpMatch("(?i)(e(l(em(ent(s)?)?)?)?)")
not this.getName().regexpMatch("(?i)(e(l(em(ent(s)?)?)?)?)")
)
)
}
@@ -113,13 +113,13 @@ module UnsafeJQueryPlugin {
class IsElementSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode {
IsElementSanitizer() {
// common ad hoc sanitizing calls
exists(string name | getCalleeName() = name |
exists(string name | this.getCalleeName() = name |
name = "isElement" or name = "isDocument" or name = "isWindow"
)
}
override predicate sanitizes(boolean outcome, Expr e) {
outcome = true and e = getArgument(0).asExpr()
outcome = true and e = this.getArgument(0).asExpr()
}
}