hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add AdHocWhitelistSanitizer::getABarrierNode()

Browse Source 
This sanitizer guard is opt-in, i.e. not an AdditionalSanitizerGuardNode.
This commit is contained in:
Asger F
2023-10-04 15:41:19 +02:00
parent 26f7f94246
commit bc68b6a7f8
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -830,12 +830,18 @@ module TaintTracking {
this.getNumArgument() = 1
}
override predicate sanitizes(boolean outcome, Expr e) {
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */
predicate blocksExpr(boolean outcome, Expr e) {
outcome = true and
e = this.getArgument(0).asExpr()
}
}
/** Barrier nodes derived from the `AdHocWhitelistCheckSanitizer` class. */
module AdHocWhitelistCheckSanitizer = DataFlow::MakeBarrierGuard<AdHocWhitelistCheckSanitizer>;
/** A check of the form `if(x in o)`, which sanitizes `x` in its "then" branch. */
class InSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode {
override InExpr astNode;