hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

support VarRef

Browse Source
This commit is contained in:
tyage
2022-10-04 14:45:39 +09:00
parent 33d204913c
commit 8a7f23a8ea
1 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -729,9 +729,9 @@ module TaintTracking {
// find target in root object recursively
private predicate findInObject(Expr root, Expr target) {
// when root is Object
exists(ObjectExpr object, Property property, Expr propertyVal |
object = root and
property = object.getAProperty() and
exists(Property property, Expr propertyVal |
root instanceof ObjectExpr and
property = root.(ObjectExpr).getAProperty() and
propertyVal = property.getInit() and
(
target = property.getNameExpr() or
@@ -741,14 +741,24 @@ module TaintTracking {
)
or
// when root is Array
exists(ArrayExpr array, Expr child |
array = root and
child = array.getAChildExpr() and
exists(Expr child |
root instanceof ArrayExpr and
child = root.(ArrayExpr).getAChildExpr() and
(
target = child or
findInObject(child, target)
)
)
or
// when root is VarRef
exists(Expr var |
root instanceof VarRef and
var = root.(VarRef).getAVariable().getAnAssignedExpr() and
(
target = var or
findInObject(var, target)
)
)
}
}