Now catches usage of RegExp. after matchAll usage.

Napalys
2024-11-08 08:59:31 +01:00
parent c2baf0bd6d
commit 70cf1a57bc
3 changed files with 16 additions and 2 deletions


@@ -917,7 +917,7 @@ module TaintTracking {
*/
private ControlFlowNode getACaptureSetter(DataFlow::Node input) {
exists(DataFlow::MethodCallNode call | result = call.asExpr() |
call.getMethodName() = ["search", "replace", "replaceAll", "match"] and
call.getMethodName() = ["search", "replace", "replaceAll", "match", "matchAll"] and
input = call.getReceiver()
or
call.getMethodName() = ["test", "exec"] and input = call.getArgument(0)
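Review bot: Adding `"matchAll"` to the receiver-based list treats the call node itself as the point where the `RegExp.$N` captures are written, but `matchAll` returns a lazy iterator and the regexp is only executed as that iterator is consumed. The static capture properties are therefore presumably set at iteration time, possibly several times, and not at all if the result is never iterated. If the approximation is intentional, say so next to the list, e.g. `// matchAll is lazy: captures are actually written when the returned iterator is consumed; the call node is an over-approximation`. A test where the `RegExp.$1` read sits between the `matchAll` call and the first iteration would pin the intended behaviour. The QLDoc that ends at `*/` and the rest of `getACaptureSetter` lie outside the hunk, so whether the comment lists the modelled methods could not be checked here.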