use isWildcardLike in MetacharEscapeSanitizer

erik-krogh · erik-krogh · commit d5450f1df6d8 · 2021-04-28T11:46:50.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -37,10 +37,8 @@ module Shared {
       (
         RegExp::alwaysMatchesMetaCharacter(getRegExp().getRoot(), ["<", "'", "\""])
         or
-        // or it's a global inverted char class.
-        getRegExp().getRoot().(RegExpCharacterClass).isInverted()
-        or
-        getRegExp().getRoot().(RegExpQuantifier).getAChild().(RegExpCharacterClass).isInverted()
+        // or it's like a wild-card.
+        RegExp::isWildcardLike(getRegExp().getRoot())
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,8 @@ module Shared {`
`37`	`37`	`(`
`38`	`38`	`RegExp::alwaysMatchesMetaCharacter(getRegExp().getRoot(), ["<", "'", "\""])`
`39`	`39`	`or`
`40`		`- // or it's a global inverted char class.`
`41`		`- getRegExp().getRoot().(RegExpCharacterClass).isInverted()`
`42`		`- or`
`43`		`- getRegExp().getRoot().(RegExpQuantifier).getAChild().(RegExpCharacterClass).isInverted()`
	`40`	`+ // or it's like a wild-card.`
	`41`	`+ RegExp::isWildcardLike(getRegExp().getRoot())`
`44`	`42`	`)`
`45`	`43`	`}`
`46`	`44`	`}`