hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19192 from asgerf/js/name-resolution-independent-fixes

Browse Source 
JS: Some preliminary fixes from name resolution branch
This commit is contained in:
Asger F
2025-04-03 09:36:02 +02:00
committed by GitHub
parent 52660fa57d 6c3bc941c5
commit bb15f30ef6
7 changed files with 36 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
javascript/ql/src/Security/CWE-327/BadRandomness.ql
View File

@@ -30,30 +30,26 @@ private int powerOfTwo() {
* Gets a node that has value 2^n for some n.
*/
private DataFlow::Node isPowerOfTwo() {
exists(DataFlow::Node prev |
prev.getIntValue() = powerOfTwo()
or
// Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000
prev.asExpr().(NumberLiteral).getValue() =
["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"]
|
result = prev.getASuccessor*()
)
result.getIntValue() = powerOfTwo()
or
// Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000
result.asExpr().(NumberLiteral).getValue() =
["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"]
or
result = isPowerOfTwo().getASuccessor()
}
/**
* Gets a node that has value (2^n)-1 for some n.
*/
private DataFlow::Node isPowerOfTwoMinusOne() {
exists(DataFlow::Node prev |
prev.getIntValue() = powerOfTwo() - 1
or
// Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff
prev.asExpr().(NumberLiteral).getValue() =
["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"]
|
result = prev.getASuccessor*()
)
result.getIntValue() = powerOfTwo() - 1
or
// Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff
result.asExpr().(NumberLiteral).getValue() =
["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"]
or
result = isPowerOfTwoMinusOne().getASuccessor()
}
/**

4
javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases.