hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
haby0
2021-04-10 09:26:08 +08:00
committed by GitHub
parent 8a7d28a2ed
commit a5ebe8c600
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
View File

@@ -12,7 +12,7 @@ class VerificationMethodToIfFlowConfig extends DataFlow3::Configuration {
VerificationMethodToIfFlowConfig() { this = "VerificationMethodToIfFlowConfig" }
override predicate isSource(DataFlow::Node src) {
exists(MethodAccess ma, BarrierGuard bg | ma = bg |
exists(MethodAccess ma | ma instanceof BarrierGuard |
(
ma.getMethod().getAParameter().getName().regexpMatch("(?i).*(token|auth|referer|origin).*")
or