javascript/ql/src/semmle/javascript/dataflow 1 file changed +22 -0 lines changed
@@ -827,6 +827,28 @@ module TaintTracking {
827827 override predicate appliesTo ( Configuration cfg ) { any ( ) }
828828 }
829829
830+ /**
831+ * A test of form `x.length === "0"`, preventing `x` from being tainted.
832+ */
833+ class IsEmptyGuard extends AdditionalSanitizerGuardNode , DataFlow:: ValueNode {
834+ override EqualityTest astNode ;
835+ boolean polarity ;
836+ Expr operand ;
837+
838+ IsEmptyGuard ( ) {
839+ astNode .getPolarity ( ) = polarity and
840+ astNode .getAnOperand ( ) .( ConstantExpr ) .getIntValue ( ) = 0 and
841+ exists ( DataFlow:: PropRead read | read .asExpr ( ) = astNode .getAnOperand ( ) |
842+ read .getBase ( ) .asExpr ( ) = operand and
843+ read .getPropertyName ( ) = "length"
844+ )
845+ }
846+
847+ override predicate sanitizes ( boolean outcome , Expr e ) { polarity = outcome and e = operand }
848+
849+ override predicate appliesTo ( Configuration cfg ) { any ( ) }
850+ }
851+
830852 /** DEPRECATED. This class has been renamed to `InclusionSanitizer`. */
831853 deprecated class StringInclusionSanitizer = InclusionSanitizer ;
832854
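Review bot: The doc comment on `IsEmptyGuard` gives the test as `x.length === "0"`, but the characteristic predicate requires an operand whose `getIntValue()` is 0, so the comment should read `A test of the form x.length === 0, preventing x from being tainted.` Because `appliesTo` is `any()`, the guard removes taint from `x` in every configuration, yet a zero `length` only proves emptiness when `x` is a string or an array. An object parsed from user-controlled JSON can carry `length: 0` alongside other tainted properties, and if `EqualityTest` also matches the loose `==`/`!=` operators (as far as I know it does), a `length` of `""` or `false` would satisfy the check as well. This may hide real flows in queries whose sinks accept objects, so consider restricting the guard to strict equality or to string-tracking configurations. A test case with object-shaped input would pin the intended behaviour.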