hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Remove a non-deprecated reference to SanitizerGuardNode

Browse Source
This commit is contained in:
Asger F
2024-11-06 10:35:32 +01:00
parent bc7753de29
commit 82682d9a62
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -853,15 +853,13 @@ module TaintTracking {
*
* This sanitizer is not enabled by default.
*/
class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {
class AdHocWhitelistCheckSanitizer extends DataFlow::CallNode {
AdHocWhitelistCheckSanitizer() {
this.getCalleeName()
.regexpMatch("(?i).*((?<!un)safe|whitelist|(?<!in)valid|allow|(?<!un)auth(?!or\\b)).*") and
this.getNumArgument() = 1
}
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */
predicate blocksExpr(boolean outcome, Expr e) {
outcome = true and
@@ -869,6 +867,11 @@ module TaintTracking {
}
}
deprecated private class AdHocWhitelistCheckSanitizerAsSanitizerGuardNode extends SanitizerGuardNode instanceof AdHocWhitelistCheckSanitizer
{
override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) }
}
/** Barrier nodes derived from the `AdHocWhitelistCheckSanitizer` class. */
module AdHocWhitelistCheckSanitizer = DataFlow::MakeBarrierGuard<AdHocWhitelistCheckSanitizer>;