mirror of
https://github.com/github/codeql.git
synced 2026-04-26 01:05:15 +02:00
use of all normalization forms without the ":" prefix
This commit is contained in:
@@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration {
|
||||
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
|
||||
exists(DataFlow::CallNode cn |
|
||||
cn.getMethodName() = "unicode_normalize" and
|
||||
cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and
|
||||
cn.getArgument(0).getConstantValue().getSymbol() = ["nfkc", "nfc", "nfkd", "nfd"] and
|
||||
sink = cn.getReceiver()
|
||||
) and
|
||||
state instanceof PostValidation
|
||||
|
||||
Reference in New Issue
Block a user