JS: Migrate JQueryMethodCall to new API

2026-05-02 04:05:14 +02:00 · 2019-10-08 14:05:10 +01:00
parent 90ad55e8ce
commit c09e748bca
1 changed files with 6 additions and 6 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -59,14 +59,14 @@ module DomBasedXss {
  class LibrarySink extends Sink, DataFlow::ValueNode {
    LibrarySink() {
      // call to a jQuery method that interprets its argument as HTML
-      exists(JQueryMethodCall call | call.interpretsArgumentAsHtml(astNode) |
+      exists(JQuery::MethodCall call | call.interpretsArgumentAsHtml(this) |
        // either the argument is always interpreted as HTML
-        not call.interpretsArgumentAsSelector(astNode)
+        not call.interpretsArgumentAsSelector(this)
        or
        // or it doesn't start with something other than `<`, and so at least
        // _may_ be interpreted as HTML
        not exists(DataFlow::Node prefix, string strval |
-          isPrefixOfJQueryHtmlString(astNode, prefix) and
+          isPrefixOfJQueryHtmlString(this, prefix) and
          strval = prefix.getStringValue() and
          not strval.regexpMatch("\\s*<.*")
        ) and
@@ -90,9 +90,9 @@ module DomBasedXss {
   * Holds if `prefix` is a prefix of `htmlString`, which may be intepreted as
   * HTML by a jQuery method.
   */
-  private predicate isPrefixOfJQueryHtmlString(Expr htmlString, DataFlow::Node prefix) {
-    any(JQueryMethodCall call).interpretsArgumentAsHtml(htmlString) and
-    prefix = htmlString.flow()
+  private predicate isPrefixOfJQueryHtmlString(DataFlow::Node htmlString, DataFlow::Node prefix) {
+    any(JQuery::MethodCall call).interpretsArgumentAsHtml(htmlString) and
+    prefix = htmlString
    or
    exists(DataFlow::Node pred | isPrefixOfJQueryHtmlString(htmlString, pred) |
      prefix = StringConcatenation::getFirstOperand(pred)