Skip to content

Commit 422ade1

Browse files
erik-kroghesbena
erik-krogh
and
esbena
authored
Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <[email protected]>
1 parent ce5356f commit 422ade1

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

change-notes/1.25/analysis-javascript.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
| Expression has no effect (`js/useless-expression`) | Less results | This query no longer flags an expression when that expression is the only content of the containing file. |
2727
| Unknown directive (`js/unknown-directive`) | Less results | This query no longer flags directives generated by the Babel compiler. |
2828
| Code injection (`js/code-injection`) | More results | More potential vulnerabilities involving NoSQL code operators are now recognized. |
29-
| Zip Slip (`js/zipslip`) | More results | This query now recognizes some zip-slip vulnerabilities involving links. |
29+
| Zip Slip (`js/zipslip`) | More results | This query now recognizes zip-slip vulnerabilities involving links. |
3030

3131
## Changes to libraries
3232

javascript/ql/src/semmle/javascript/security/dataflow/ZipSlipCustomizations.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -127,9 +127,9 @@ module ZipSlip {
127127
*/
128128
class PathSanitizer extends Sanitizer, DataFlow::CallNode {
129129
PathSanitizer() {
130-
this = DataFlow::moduleMember("path", "join").getACall() and
130+
this = NodeJSLib::Path::moduleMember("join").getACall() and
131131
exists(DataFlow::CallNode inner | inner = getArgument(1) |
132-
inner = DataFlow::moduleMember("path", "join").getACall() and
132+
inner = NodeJSLib::Path::moduleMember("join").getACall() and
133133
inner.getArgument(0).mayHaveStringValue("/")
134134
)
135135
}

0 commit comments

Comments
 (0)