hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

a slight refactor

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-04-18 22:21:41 +02:00
parent 7f592a6c64
commit e0b5197d3c
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/lib/semmle/javascript/frameworks/DomEvents.qll
View File

@@ -37,26 +37,22 @@ private DataFlow::SourceNode taintedEvent(DataFlow::TypeTracker t, string event)
)
or
t.start() and
exists(DataFlow::ParameterNode pn |
exists(DataFlow::ParameterNode pn | result = pn |
// https://developer.mozilla.org/en-US/docs/Web/API/ClipboardEvent
pn.hasUnderlyingType("ClipboardEvent") and
result = pn and
event = "paste"
or
// https://developer.mozilla.org/en-US/docs/Web/API/DragEvent
pn.hasUnderlyingType("DragEvent") and
result = pn and
event = "drop"
or
// https://developer.mozilla.org/en-US/docs/Web/API/InputEvent
pn.hasUnderlyingType("InputEvent") and
result = pn and
event = "beforeinput"
)
or
t.start() and
exists(DataFlow::PropWrite pw | pw = DOM::domValueRef().getAPropertyWrite() |
pw.getPropertyName() = "on" + event and
exists(DataFlow::PropWrite pw | pw = DOM::domValueRef().getAPropertyWrite("on" + event) |
event = ["paste", "drop"] and // doesn't work for beforeinput, it's just not part of the API
result = pw.getRhs().getABoundFunctionValue(0).getParameter(0)
)