hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: bugfix in handling of custom flow labels

Browse Source
This commit is contained in:
Asger F
2018-10-10 16:06:44 +01:00
parent 74f115fa40
commit ea297dd442
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/semmle/javascript/dataflow/internal/FlowSteps.qll
View File

@@ -74,10 +74,12 @@ predicate localFlowStep(DataFlow::Node pred, DataFlow::Node succ,
any(DataFlow::AdditionalFlowStep afs).step(pred, succ) and predlbl = succlbl
or
exists (boolean vp | configuration.isAdditionalFlowStep(pred, succ, vp) |
if vp = false and (predlbl = FlowLabel::data() or predlbl = FlowLabel::taint()) then
succlbl = FlowLabel::taint()
else
predlbl = succlbl
vp = true and
predlbl = succlbl
or
vp = false and
(predlbl = FlowLabel::data() or predlbl = FlowLabel::taint()) and
succlbl = FlowLabel::taint()
)
or
configuration.isAdditionalFlowStep(pred, succ, predlbl, succlbl)