hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6262 from erik-krogh/slash

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2021-07-13 05:44:55 -07:00
committed by GitHub
parent c87fe95d52 899e54fbc9
commit 9d59cba644
4 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
View File

@@ -798,6 +798,12 @@ module TaintedPath {
srclabel instanceof Label::SplitPath and
dstlabel.(Label::PosixPath).canContainDotDotSlash()
)
or
exists(API::CallNode call | call = API::moduleImport("slash").getACall() |
src = call.getArgument(0) and
dst = call and
srclabel = dstlabel
)
}
/**