JS: Fix observed FPs in UnsafeJQueryPlugin

asgerf · asgerf · commit 0d598c437dd0 · 2023-04-17T08:20:18.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll
@@ -23,6 +23,9 @@ class Configuration extends TaintTracking::Configuration {
     node instanceof DomBasedXss::Sanitizer
     or
     node instanceof Sanitizer
+    or
+    // Plugins usually do `$(this)` to coerce an existing DOM element to a jQuery object.
+    node instanceof DataFlow::ThisNode
   }
 
   override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,9 @@ class Configuration extends TaintTracking::Configuration {`
`23`	`23`	`node instanceof DomBasedXss::Sanitizer`
`24`	`24`	`or`
`25`	`25`	`node instanceof Sanitizer`
	`26`	`+ or`
	`27`	+ // Plugins usually do `$(this)` to coerce an existing DOM element to a jQuery object.
	`28`	`+ node instanceof DataFlow::ThisNode`
`26`	`29`	`}`
`27`	`30`
`28`	`31`	`override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {`