hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update UnsafeJQueryPlugin

Browse Source
This commit is contained in:
Asger F
2023-07-11 15:01:33 +02:00
parent a1d8a05bcb
commit b09ed4b0e3
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll
View File

@@ -31,16 +31,13 @@ class Configuration extends TaintTracking::Configuration {
aliasPropertyPresenceStep(src, sink)
}
override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
override predicate isSanitizerOut(DataFlow::Node node) {
// prefixing prevents forced html/css confusion:
// prefixing through concatenation:
StringConcatenation::taintStep(pred, succ, _, any(int i | i >= 1))
StringConcatenation::taintStep(node, _, _, any(int i | i >= 1))
or
// prefixing through a poor-mans templating system:
exists(StringReplaceCall replace |
replace = succ and
pred = replace.getRawReplacement()
)
node = any(StringReplaceCall call).getRawReplacement()
}
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {