hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix, prevent addHook return values from being treated as XSS sinks

Browse Source
This commit is contained in:
Napalys Klicius
2025-04-28 12:21:21 +02:00
parent fdfdcc0d93
commit 8b53f8f2a6
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
View File

@@ -328,7 +328,11 @@ module Fastify {
ResponseSendArgument() {
this = rh.getAResponseSource().ref().getAMethodCall("send").getArgument(0)
or
this = rh.(DataFlow::FunctionNode).getAReturn()
exists(RouteSetup setup |
rh = setup.getARouteHandler() and
this = rh.(DataFlow::FunctionNode).getAReturn() and
setup.getMethodName() != "addHook"
)
}
override RouteHandler getRouteHandler() { result = rh }