Formatting of QLL

aegilops · aegilops · commit 0aab2aef3b15 · 2024-07-09T18:16:37.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/security/FunctionalityFromUntrustedSource.qll b/javascript/ql/lib/semmle/javascript/security/FunctionalityFromUntrustedSource.qll
@@ -38,8 +38,9 @@ module StaticCreation {
     // Some CDN URLs are required to have an integrity attribute. We only add CDNs to that list
     // that recommend integrity-checking.
     exists(string hostname, string requiredCheckingHostname |
-      hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*\\.js$", 1)
-      and isCdnDomainWithCheckingRequired(requiredCheckingHostname) and hostname = requiredCheckingHostname
+      hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*\\.js$", 1) and
+      isCdnDomainWithCheckingRequired(requiredCheckingHostname) and
+      hostname = requiredCheckingHostname
     )
   }
 
@@ -87,23 +88,22 @@ module StaticCreation {
 bindingset[url]
 predicate isUrlWithUntrustedDomain(string url) {
   exists(string hostname |
-    hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*", 1)
-    and isUntrustedHostname(hostname)
+    hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*", 1) and
+    isUntrustedHostname(hostname)
   )
 }
 
 /** Holds if `hostname` refers to a domain or subdomain that is untrusted. */
 bindingset[hostname]
 predicate isUntrustedHostname(string hostname) {
   exists(string domain |
-    (hostname = domain or hostname.matches("%." + domain)) and 
+    (hostname = domain or hostname.matches("%." + domain)) and
     isUntrustedDomain(domain)
   )
 }
 
 // The following predicates are extended in data extensions under javascript/ql/lib/semmle/javascript/security/domains/
 // and can be extended with custom model packs as necessary.
-
 /** Holds for hostnames defined in data extensions */
 extensible predicate isCdnDomainWithCheckingRequired(string hostname);
 

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,9 @@ module StaticCreation {`
`38`	`38`	`// Some CDN URLs are required to have an integrity attribute. We only add CDNs to that list`
`39`	`39`	`// that recommend integrity-checking.`
`40`	`40`	`exists(string hostname, string requiredCheckingHostname \|`
`41`		`- hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*\\.js$", 1)`
`42`		`- and isCdnDomainWithCheckingRequired(requiredCheckingHostname) and hostname = requiredCheckingHostname`
	`41`	`+ hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*\\.js$", 1) and`
	`42`	`+ isCdnDomainWithCheckingRequired(requiredCheckingHostname) and`
	`43`	`+ hostname = requiredCheckingHostname`
`43`	`44`	`)`
`44`	`45`	`}`
`45`	`46`
`@@ -87,23 +88,22 @@ module StaticCreation {`
`87`	`88`	`bindingset[url]`
`88`	`89`	`predicate isUrlWithUntrustedDomain(string url) {`
`89`	`90`	`exists(string hostname \|`
`90`		`- hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*", 1)`
`91`		`- and isUntrustedHostname(hostname)`
	`91`	`+ hostname = url.regexpCapture("(?i)^(?:https?:)?//([^/]+)/.*", 1) and`
	`92`	`+ isUntrustedHostname(hostname)`
`92`	`93`	`)`
`93`	`94`	`}`
`94`	`95`
`95`	`96`	/** Holds if `hostname` refers to a domain or subdomain that is untrusted. */
`96`	`97`	`bindingset[hostname]`
`97`	`98`	`predicate isUntrustedHostname(string hostname) {`
`98`	`99`	`exists(string domain \|`
`99`		`- (hostname = domain or hostname.matches("%." + domain)) and`
	`100`	`+ (hostname = domain or hostname.matches("%." + domain)) and`
`100`	`101`	`isUntrustedDomain(domain)`
`101`	`102`	`)`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`// The following predicates are extended in data extensions under javascript/ql/lib/semmle/javascript/security/domains/`
`105`	`106`	`// and can be extended with custom model packs as necessary.`
`106`		`-`
`107`	`107`	`/** Holds for hostnames defined in data extensions */`
`108`	`108`	`extensible predicate isCdnDomainWithCheckingRequired(string hostname);`
`109`	`109`