hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

nfd and nfkd are considered

Browse Source
This commit is contained in:
Sim4n6
2023-05-20 12:51:24 +01:00
parent c9c7179a0b
commit 957023ec44
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll
View File

@@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
exists(DataFlow::CallNode cn |
cn.getMethodName() = "unicode_normalize" and
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc"] and
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and
sink = cn.getReceiver()
) and
state instanceof PostValidation