more precise getChild for matching "../"

2026-04-27 01:35:13 +02:00 · 2020-04-14 10:24:08 +02:00
parent 7c5c9ea8ea
commit e47575ce5b
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -285,7 +285,7 @@ module TaintedPath {
    exists(RegExpSequence seq | seq = result |
      seq.getChild(0).getConstantValue() = "." and
      seq.getChild(1).getConstantValue() = "." and
-      seq.getAChild().getAMatchedString() = "/"
+      seq.getChild(2).getAMatchedString() = "/"
    )
    or
    exists(RegExpGroup group | result = group | group.getChild(0) = getADotDotSlashMatcher())