hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove check for console().getAMethodCall

Browse Source
This commit is contained in:
ubuntu
2020-06-24 19:31:23 +02:00
parent 65eba0272d
commit d9a0dc0982
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/experimental/Security/CWE-117/LogInjection.qll
View File

@@ -65,8 +65,6 @@ module LogInjection {
*/
class LoggingCall extends DataFlow::CallNode {
LoggingCall() {
this = any(ConsoleSource console).getAMemberCall(getAStandardLoggerMethodName())
or
exists(DataFlow::SourceNode node, string propName |
any(ConsoleSource console).getAPropertyRead() = node.getAPropertySource(propName) and
this = node.getAPropertyRead(propName).getACall()
@@ -88,9 +86,7 @@ module LogInjection {
*/
class StringReplaceSanitizer extends Sanitizer {
StringReplaceSanitizer() {
exists(string s |
this.(StringReplaceCall).replaces(s, "") and s.regexpMatch("\\n")
)
exists(string s | this.(StringReplaceCall).replaces(s, "") and s.regexpMatch("\\n"))
}
}