use ConcatenationNode::isCoercion

erik-krogh · erik-krogh · commit 1243c736dda8 · 2021-10-27T20:37:42.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
@@ -34,10 +34,7 @@ class Configuration extends TaintTracking::Configuration {
     // Concatenating with a string will in practice prevent the string `__proto__` from arising.
     exists(StringOps::ConcatenationRoot root | node = root |
       // Exclude the string coercion `"" + node` from this filter.
-      not (
-        strictcount(root.getALeaf()) = 2 and
-        root.getALeaf().getStringValue() = ""
-      )
+      not node.(StringOps::ConcatenationNode).isCoercion()
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -34,10 +34,7 @@ class Configuration extends TaintTracking::Configuration {`
`34`	`34`	// Concatenating with a string will in practice prevent the string `__proto__` from arising.
`35`	`35`	`exists(StringOps::ConcatenationRoot root \| node = root \|`
`36`	`36`	// Exclude the string coercion `"" + node` from this filter.
`37`		`- not (`
`38`		`- strictcount(root.getALeaf()) = 2 and`
`39`		`- root.getALeaf().getStringValue() = ""`
`40`		`- )`
	`37`	`+ not node.(StringOps::ConcatenationNode).isCoercion()`
`41`	`38`	`)`
`42`	`39`	`}`
`43`	`40`