JS: Replace uses in ExternalApiUsedWithUntrustedData

2025-12-18 01:33:15 +01:00 · 2021-03-17 12:38:33 +00:00
parent 2012e97842
commit bda074835e
1 changed files with 6 additions and 9 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll
@@ -255,15 +255,12 @@ module ExternalAPIUsedWithUntrustedData {
      not exists(DataFlow::Node arg |
        arg = this.getAnArgument() and not arg instanceof DeepObjectSink
      |
-        TaintTracking::sharedTaintStep(arg, _)
-        or
-        exists(DataFlow::AdditionalFlowStep s |
-          s.step(arg, _) or
-          s.step(arg, _, _, _) or
-          s.loadStep(arg, _, _) or
-          s.storeStep(arg, _, _) or
-          s.loadStoreStep(arg, _, _)
-        )
+        TaintTracking::sharedTaintStep(arg, _) or
+        DataFlow::SharedFlowStep::step(arg, _) or
+        DataFlow::SharedFlowStep::step(arg, _, _, _) or
+        DataFlow::SharedFlowStep::loadStep(arg, _, _) or
+        DataFlow::SharedFlowStep::storeStep(arg, _, _) or
+        DataFlow::SharedFlowStep::loadStoreStep(arg, _, _)
      )
    }