Merge pull request #13283 from asgerf/js/restrict-regex-search-function

JS: Be more conservative about flagging "search" call arguments as regex
Asger F
2023-06-08 10:50:51 +02:00
committed by GitHub
7 changed files with 58 additions and 36 deletions

@@ -0,0 +1,6 @@
---
category: minorAnalysis
---
* Fixed an issue where calls to a method named `search` would lead to false positive alerts related to regular expressions.
This happened when the call was incorrectly seen as a call to `String.prototype.search`, since this function converts its first argument
to a regular expression. The analysis is now more restrictive about when to treat `search` calls as regular expression sinks.
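Review bot: The last sentence of the change note says the analysis is "now more restrictive about when to treat `search` calls as regular expression sinks" but never states the condition a call must still meet to be treated as a sink. Suggest naming that condition in one clause, and saying whether genuine `String.prototype.search` calls can now go unflagged, so someone reading the changelog can judge the trade-off between fewer false positives and possible missed results.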