hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

use SSA instead of internal AccessPath API

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-29 13:08:19 +02:00
parent 05bfba4f99
commit f7ad210331
1 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -120,25 +120,18 @@ module Shared {
)
}
private import semmle.javascript.dataflow.internal.AccessPaths as Paths
/**
* Gets an access-path that is used in a sanitizing switch statement.
* The `pragma[noinline]` is to avoid materializing a cartesian product of all access-paths.
* Gets an Ssa variable that is used in a sanitizing switch statement.
* The `pragma[noinline]` is to avoid materializing a cartesian product.
*/
pragma[noinline]
private Paths::AccessPath getAPathEscapedInSwitch() {
exists(Expr str |
isUsedInHTMLEscapingSwitch(str) and
result.getAnInstance() = str
)
}
private SsaVariable getAPathEscapedInSwitch() { isUsedInHTMLEscapingSwitch(result.getAUse()) }
/**
* An expression that is sanitized by a switch-case.
*/
class IsEscapedInSwitchSanitizer extends Sanitizer {
IsEscapedInSwitchSanitizer() { this.asExpr() = getAPathEscapedInSwitch().getAnInstance() }
IsEscapedInSwitchSanitizer() { this.asExpr() = getAPathEscapedInSwitch().getAUse() }
}
}