hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix template literal detection in string concatination

Browse Source
This commit is contained in:
Napalys Klicius
2025-06-12 11:18:20 +02:00
parent 861e4ee11e
commit bafe7e66ad
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
View File

@@ -76,9 +76,10 @@ class CandidateStringLiteral extends StringLiteral {
* ```
*/
predicate hasObjectProvidingTemplateVariables(CandidateStringLiteral lit) {
exists(DataFlow::CallNode call, DataFlow::ObjectLiteralNode obj |
call.getAnArgument().getALocalSource() = obj and
call.getAnArgument().asExpr() = lit and
exists(DataFlow::CallNode call, DataFlow::ObjectLiteralNode obj, DataFlow::Node stringArg |
stringArg = [StringConcatenation::getRoot(lit.flow()), lit.flow()] and
stringArg = call.getAnArgument() and
obj.flowsTo(call.getAnArgument()) and
forex(string name | name = lit.getAReferencedVariable() | exists(obj.getAPropertyWrite(name)))
)
}