hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix: Now Array.prototype.with is properly flagged as taint step

Browse Source
This commit is contained in:
Napalys
2024-11-15 10:35:34 +01:00
parent f04fd5cdcc
commit bed1f25b3f
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/Arrays.qll
View File

@@ -477,7 +477,7 @@ private module ArrayLibraries {
private class ImmutableArrayTransformStep extends TaintTracking::SharedTaintStep {
override predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::MethodCallNode call |
call.getMethodName() in ["toSorted", "toReversed"] and
call.getMethodName() in ["toSorted", "toReversed", "with"] and
pred = call.getReceiver() and
succ = call
)