hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Remove a bindingset annotation.

Browse Source
This commit is contained in:
Max Schaefer
2020-11-23 10:27:29 +00:00
parent 3853da0969
commit b3ab6efd1d
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
View File

@@ -804,7 +804,6 @@ private module Redis {
* For getter-like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
* it is at most possible to get a Redis call to return more results than expected (e.g. by adding more members to [`geohash`](https://redis.io/commands/geohash)).
*/
bindingset[argIndex]
predicate argumentIsAmbiguousKey(string method, int argIndex) {
method =
[
@@ -815,7 +814,8 @@ private module Redis {
] and
argIndex = 0
or
method = ["bitop", "hmset", "mset", "msetnx", "geoadd"] and argIndex >= 0
method = ["bitop", "hmset", "mset", "msetnx", "geoadd"] and
argIndex in [0 .. any(DataFlow::InvokeNode invk).getNumArgument() - 1]
}
}