mirror of
https://github.com/github/codeql.git
synced 2026-04-24 08:15:14 +02:00
nfd and nfkd are considered
This commit is contained in:
@@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
|
||||
exists(DataFlow::CallNode cn |
|
||||
cn.getMethodName() = "unicode_normalize" and
|
||||
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc"] and
|
||||
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and
|
||||
sink = cn.getReceiver()
|
||||
) and
|
||||
state instanceof PostValidation
|
||||
|
||||
Reference in New Issue
Block a user