hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape

Browse Source
This commit is contained in:
amammad
2023-12-07 08:52:55 +01:00
parent 20a3211d06
commit dbf01a9284
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
go/ql/lib/semmle/go/frameworks/Fasthttp.qll
View File

@@ -101,7 +101,8 @@ module Fasthttp {
this = call.getArgument(0)
or
m.hasQualifiedName(packagePath(), "RequestCtx", ["Success", "SuccessString"]) and
this = m.getACall().getArgument(1)
call = m.getACall() and
this = call.getArgument(1)
) and
methodName =
[
@@ -149,19 +150,19 @@ module Fasthttp {
* A function that can be used as a sanitizer for XSS.
*/
class HtmlQuoteSanitizer extends EscapeFunction::Range {
boolean isHTMLEscape;
boolean isHtmlEscape;
HtmlQuoteSanitizer() {
this.hasQualifiedName(packagePath(), ["AppendHTMLEscape", "AppendHTMLEscapeBytes"]) and
isHTMLEscape = true
isHtmlEscape = true
or
this.hasQualifiedName(packagePath(), "AppendQuotedArg") and isHTMLEscape = false
this.hasQualifiedName(packagePath(), "AppendQuotedArg") and isHtmlEscape = false
}
override string kind() {
isHTMLEscape = true and result = "html"
isHtmlEscape = true and result = "html"
or
isHTMLEscape = false and result = "url"
isHtmlEscape = false and result = "url"
}
}