hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added a step from parse to opts for commander js

Browse Source
This commit is contained in:
Napalys Klicius
2025-08-01 13:12:43 +02:00
parent e980798ede
commit 6b4e34dd39
3 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/lib/semmle/javascript/frameworks/CommandLineArguments.qll
View File

@@ -95,6 +95,11 @@ private class ArgsParseStep extends TaintTracking::SharedTaintStep {
pred = call.getArgument(0)
)
or
exists(API::Node commanderNode | commanderNode = commander() |
pred = commanderNode.getMember("parse").getACall().getAnArgument() and
succ = commanderNode.getMember("opts").getACall()
)
or
exists(DataFlow::MethodCallNode methodCall | methodCall = yargs() |
pred = methodCall.getReceiver() and
succ = methodCall