hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update ResourceExhaustion

Browse Source
This commit is contained in:
Asger F
2023-07-11 14:56:53 +02:00
parent 58a557b18e
commit a1d8a05bcb
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll
View File

@@ -22,7 +22,8 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
node instanceof Sanitizer or
node = any(DataFlow::PropRead read | read.getPropertyName() = "length")
}
override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) {
@@ -32,10 +33,6 @@ class Configuration extends TaintTracking::Configuration {
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
guard instanceof UpperBoundsCheckSanitizerGuard
}
override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
succ.(DataFlow::PropRead).accesses(pred, "length")
}
}
/** Holds if data is converted to a number from `src` to `dst`. */