hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: fixups

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-06-12 14:45:57 +02:00
parent 7b97fd07a8
commit fa4e8914e6
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/src/Security/CWE-770/MemoryExhaustion.ql
View File

@@ -96,7 +96,7 @@ class Configuration extends TaintTracking::Configuration {
c = dst and
src = c.getAnArgument()
|
c = DataFlow::globalVarRef("Math").getAPropertyRead().getACall() or
c = DataFlow::globalVarRef("Math").getAMemberCall(_) or
c = DataFlow::globalVarRef(["Number", "parseInt", "parseFloat"]).getACall()
)
)
@@ -191,10 +191,12 @@ class BufferSizeSink extends Sink {
)
or
invk = clazz.getAnInvocation() and
invk.getNumArgument() = 1 and
index = 0
or
invk.getNumArgument() = 3 and index = 2
(
invk.getNumArgument() = 1 and
index = 0
or
invk.getNumArgument() = 3 and index = 2
)
)
or
this = DataFlow::globalVarRef("SlowBuffer").getAnInstantiation().getArgument(0)