hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

add DataFlow::getEnclosingExpr to get the an Expr from a potentially reflective call

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-11-06 09:49:43 +01:00
parent 3a7f9a588d
commit e4f6f41634
2 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/Statements/UseOfReturnlessFunction.ql
View File

@@ -211,9 +211,9 @@ where
msg = "the $@ does not return anything, yet the return value from the call to " + call.getCalleeName() + " is used." and
name = "callback function"
) and
not benignContext(call.asExpr()) and
not benignContext(call.getEnclosingExpr()) and
not lastStatementHasNoEffect(func) and
// anonymous one-shot closure. Those are used in weird ways and we ignore them.
not oneshotClosure(call.asExpr())
not oneshotClosure(call.getEnclosingExpr())
select
call, msg, func, name