hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 20:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Merge sources to one class

Browse Source
This commit is contained in:
Asger Feldthaus
2022-02-21 16:26:02 +01:00
parent 00ed72ed83
commit 8194c041cc
1 changed files with 3 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
View File

@@ -40,17 +40,10 @@ module RequestForgery {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of server-side remote user input, considered as a flow source for request forgery. */
private class ServerSideSource extends Source instanceof RemoteFlowSource {
ServerSideSource() { not this instanceof ClientSideRemoteFlowSource }
}
private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
RemoteFlowSourceAsSource() { not this.(ClientSideRemoteFlowSource).getKind().isPathOrUrl() }
private class ClientSideSource extends Source instanceof ClientSideRemoteFlowSource {
ClientSideSource() {
// Reduce FPs by excluding sources from client-side path or URL
not ClientSideRemoteFlowSource.super.getKind().isPathOrUrl()
}
override predicate isServerSide() { none() }
override predicate isServerSide() { not this instanceof ClientSideRemoteFlowSource }
}
/**