hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed taint from ArrayBuffer constructor as it accepts length

Browse Source
This commit is contained in:
Napalys
2025-04-09 13:27:13 +02:00
parent 4bc3e9e736
commit a3e4e62eac
3 changed files with 17 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll
View File

@@ -74,20 +74,6 @@ private class ArrayBufferEntryPoint extends API::EntryPoint {
pragma[nomagic]
API::Node arrayBufferConstructorRef() { result = any(ArrayBufferEntryPoint a).getANode() }
class ArrayBufferConstructorSummary extends SummarizedCallable {
ArrayBufferConstructorSummary() { this = "ArrayBuffer constructor" }
override DataFlow::InvokeNode getACall() {
result = arrayBufferConstructorRef().getAnInstantiation()
}
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
preservesValue = true and
input = "Argument[0].ArrayElement" and
output = "ReturnValue.ArrayElement"
}
}
class TransferLike extends SummarizedCallable {
TransferLike() { this = "ArrayBuffer#transfer" }