hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-02 20:30:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add defensive check to ensure Unknown endpoints cannot also be NotASink

Browse Source
This commit is contained in:
Jean Helie
2022-03-24 13:27:25 +01:00
parent 2ffa6771ff
commit cf820e7611
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
View File

@@ -75,7 +75,11 @@ private DataFlow::Node getAnUnknown(Query query) {
getATMCfg(query).isEffectiveSink(result) or
getATMCfg(query).isEffectiveSinkWithOverridingScore(result, _, _)
) and
// Effective sinks should exclude sinks but this is a defensive requirement
not result = getASink(query) and
// Effective sinks should exclude NotASink but for some queries (e.g. Xss) this is currently not always the case and
// so this is a defensive requirement
not result = getANotASink(_) and
// Only consider the source code for the project being analyzed.
exists(result.getFile().getRelativePath())
}