hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Remove TODOs about WithArrayElement not being a taint step

Browse Source 
This isn't going to become a taint step, the workaround is the permanent solution
This commit is contained in:
Asger F
2025-01-09 09:24:58 +01:00
parent 3cc1525985
commit 8ac08db5c2
1 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll
View File

@@ -140,7 +140,7 @@ class CopyWithin extends SummarizedCallable {
input = "Argument[this].WithArrayElement" and
output = "ReturnValue"
or
// TODO: workaround for WithArrayElement not being converted to a taint step
// Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
preservesValue = false and
input = "Argument[this]" and
output = "ReturnValue"
@@ -186,7 +186,7 @@ class Filter extends SummarizedCallable {
output = "ReturnValue"
)
or
// TODO: workaround for WithArrayElement not being converted to a taint step
// Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
preservesValue = false and
input = "Argument[this]" and
output = "ReturnValue"
@@ -328,10 +328,7 @@ class From1Arg extends SummarizedCallable {
output = "ReturnValue[exception]"
)
or
// TODO: we currently convert ArrayElement read/store steps to taint steps, but this does not
// work for WithArrayElement because it's just an expectsContent node, and there's no way easy
// to omit the expectsContent restriction in taint tracking.
// Work around this for now.
// Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
preservesValue = false and
input = "Argument[0]" and
output = "ReturnValue"
@@ -561,7 +558,7 @@ class ArrayCoercionPackage extends FunctionalPackageSummary {
output = "ReturnValue.ArrayElement"
)
or
// TODO: workaround for WithArrayElement not being converted to a taint step
// Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step
preservesValue = false and
input = "Argument[0]" and
output = "ReturnValue"