JS: add "verify" as an Authorization call word

Esben Sparre Andreasen
2018-08-06 15:09:22 +02:00
parent 237f1af67f
commit c6cfca3131


@@ -143,7 +143,7 @@ class AuthorizationCall extends SensitiveAction, DataFlow::CallNode {
exists(string s | s = astNode.getCalleeName() |
// name contains `login` or `auth`, but not as part of `loginfo` or `unauth`;
// also exclude `author`
s.regexpMatch("(?i).*(login(?!fo)|(?<!un)auth(?!or\\b)).*") and
s.regexpMatch("(?i).*(login(?!fo)|(?<!un)auth(?!or\\b)|verify).*") and
// but it does not start with `get` or `set`
not s.regexpMatch("(?i)(get|set).*")
)
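Review bot: The new `verify` alternative is the only word in the pattern matched without any exclusion, and the comment above it still describes only `login` and `auth`. Every callee name containing `verify` that does not start with `get` or `set` now counts as an AuthorizationCall. Names that verify something other than a caller's identity or permission (a checksum or an input format, say) would presumably be picked up too, and since this class extends SensitiveAction, that may surface as false positives in queries that consume it. I would update the comment to ``// name contains `login`, `auth` or `verify`, but not as part of `loginfo` or `unauth`;`` and add library-test cases that pin which `verify*` names are meant to match. The enclosing predicate and class begin and end outside the hunk.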