Merge pull request #227 from xiemaisi/js/taint-kinds

JavaScript: Add support for state-based taint tracking.

javascript/ql/src/Security/CWE-078/CommandInjection.ql

@@ -17,5 +17,8 @@ import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
 where cfg.hasFlow(source, sink) and
-      if cfg.isSink(sink, _) then cfg.isSink(sink, highlight) else highlight = sink
+      if cfg.isSinkWithHighlight(sink, _) then
+        cfg.isSinkWithHighlight(sink, highlight)
+      else
+        highlight = sink
 select highlight, "This command depends on $@.", source, "a user-provided value"