hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4711 from erik-krogh/locType

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2020-11-24 13:10:32 +00:00
committed by GitHub
parent 260a8d4afb 33dab1717e
commit 8c68463e76
4 changed files with 94 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
javascript/ql/src/semmle/javascript/DOM.qll
View File

@@ -374,10 +374,26 @@ module DOM {
this = DOM::domValueRef().getAPropertyRead("baseUri")
or
this = DataFlow::globalVarRef("location")
or
this = any(DataFlow::Node n | n.hasUnderlyingType("Location")).getALocalSource() and
not this = nonFirstLocationType(DataFlow::TypeTracker::end()) // only start from the source, and not the locations we can type-track to.
}
}
}
/**
* Get a reference to a node of type `Location` that has gone through at least 1 type-tracking step.
*/
private DataFlow::SourceNode nonFirstLocationType(DataFlow::TypeTracker t) {
// One step inlined in the beginning.
exists(DataFlow::TypeTracker t2 |
result =
any(DataFlow::Node n | n.hasUnderlyingType("Location")).getALocalSource().track(t2, t)
)
or
exists(DataFlow::TypeTracker t2 | result = nonFirstLocationType(t2).track(t2, t))
}
/** Gets a data flow node that directly refers to a DOM `location` object. */
DataFlow::SourceNode locationSource() { result instanceof LocationSource::Range }