hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

add "valid" to the AdHocWhitelistCheckSanitizer

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-11 16:44:24 +02:00
parent 8d41ce1630
commit bb8905b46e
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -778,7 +778,8 @@ module TaintTracking {
*/
class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {
AdHocWhitelistCheckSanitizer() {
getCalleeName().regexpMatch("(?i).*((?<!un)safe|whitelist|allow|(?<!un)auth(?!or\\b)).*") and
getCalleeName()
.regexpMatch("(?i).*((?<!un)safe|whitelist|valid|allow|(?<!un)auth(?!or\\b)).*") and
getNumArgument() = 1
}