hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-01-31 12:24:12 +01:00
parent 279c584bb8
commit b6611b1fb3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
View File

@@ -55,7 +55,7 @@ module ClientSideUrlRedirect {
// exclude `location.href.split('?')[0]`, which can never refer to the query string
not exists(PropAccess pacc | mce = pacc.getBase() | pacc.getPropertyName() = "0")
or
(methodName = "substring" or methodName = "substr") and
(methodName = "substring" or methodName = "substr" or methodName = "slice") and
// exclude `location.href.substring(0, ...)` and similar, which can
// never refer to the query string
not mce.getArgument(0).(NumberLiteral).getIntValue() = 0