Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

Napalys · asgerf · Napalys · commit 478e32cbe52e · 2025-03-17T10:17:39.000+01:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -892,10 +892,13 @@ module TaintedPath {
       TaintTracking::uriStep(node1, node2)
       or
       exists(DataFlow::CallNode decode |
-        decode.getCalleeName() = "decodeURIComponent" or
-        decode.getCalleeName() = "decodeURI" or
-        decode.getCalleeName() = "escape" or
-        decode.getCalleeName() = "unescape"
+        decode =
+          DataFlow::globalVarRef([
+              "decodeURIComponent",
+              "decodeURI",
+              "escape",
+              "unescape"
+            ]).getACall()
       |
         node1 = decode.getArgument(0) and
         node2 = decode
