hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Restrict reachableFromStoreBase

Browse Source
This commit is contained in:
Asger Feldthaus
2020-03-03 00:54:50 +00:00
parent 98524556c3
commit a2042094cf
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
View File

@@ -901,8 +901,14 @@ private predicate reachableFromStoreBase(
string prop, DataFlow::Node rhs, DataFlow::Node nd, DataFlow::Configuration cfg,
PathSummary summary
) {
isRelevant(rhs, cfg) and
storeStep(rhs, nd, prop, cfg, summary)
exists(PathSummary s1, PathSummary s2 |
reachableFromSource(rhs, cfg, s1)
or
reachableFromStoreBase(_, _, rhs, cfg, s1)
|
storeStep(rhs, nd, prop, cfg, s2) and
summary = MkPathSummary(false, s1.hasCall().booleanOr(s2.hasCall()), s2.getStartLabel(), s2.getEndLabel())
)
or
exists(DataFlow::Node mid, PathSummary oldSummary, PathSummary newSummary |
reachableFromStoreBase(prop, rhs, mid, cfg, oldSummary) and