hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix the spurious flow

Browse Source
This commit is contained in:
Asger F
2025-02-12 11:53:34 +01:00
parent c051b4c98d
commit cf33db78cc
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-089/untyped/pg-promise.js
View File

@@ -39,7 +39,7 @@ require('express')().get('/foo', (req, res) => {
req.params.id, // $ Alert
req.params.name, // $ Alert
req.params.foo, // OK - not using raw interpolation
] // $ SPURIOUS: Alert - implicit reads causes flow here in addition to the individual array elements
]
});
db.one({
text: 'SELECT * FROM news where id = ${id}:raw AND name = ${name}',