hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

use callgraph instead of type-inference for array taint-steps

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-03-02 14:06:09 +01:00
parent b20ce8bfca
commit ae56285331
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/Arrays.qll
View File

@@ -25,7 +25,7 @@ module ArrayTaintTracking {
// `array.map(function (elt, i, ary) { ... })`: if `array` is tainted, then so are
// `elt` and `ary`; similar for `forEach`
exists(Function f |
call.getArgument(0).analyze().getAValue().(AbstractFunction).getFunction() = f and
call.getArgument(0).getAFunctionValue(0).getFunction() = f and
call.(DataFlow::MethodCallNode).getMethodName() = ["map", "forEach"] and
pred = call.getReceiver() and
succ = DataFlow::parameterNode(f.getParameter([0, 2]))