add comment about why colors/safe is not safe

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
This commit is contained in:
Erik Krogh Kristensen
2021-06-23 10:39:56 +02:00
committed by GitHub
parent fa02651542
commit 700dfcc3a7


@@ -221,7 +221,8 @@ class AnsiColorsStep extends TaintTracking::SharedTaintStep {
class ColorsStep extends TaintTracking::SharedTaintStep {
override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport(["colors", "colors/safe"]).getAMember*().getACall()
call = API::moduleImport(["colors", "colors/safe" /* this variant avoids modifying the prototype methods */ ]).getAMember*().getACall()
|
pred = call.getArgument(0) and
succ = call
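Review bot: The comment added inside the array literal on the `"colors/safe"` entry says what the variant avoids but not why the taint step still covers it, which is the question the commit title raises; a reader may take "avoids modifying the prototype methods" as a statement that the module is safe for this query. Since the step below models the call as propagating taint from `getArgument(0)` to the call result for both module names, the comment would be clearer stating that directly, e.g. `/* "safe" only means it does not patch String.prototype; the call still forwards its argument, so the step applies to both */`. Putting that comment on its own line above `call =` rather than inside the list would also keep the array literal readable. The `stringManipulationStep` body continues past the end of the hunk.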