
Commit 1af753c

committed
JS: Use shared barrier guard for falsy check.
1 parent 782b6cf commit 1af753c


1 file changed

+11
-13
lines changed


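--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll
@@ -36,12 +36,16 @@ predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2,
 defaultAdditionalTaintStep(node1, node2) and model = "" // TODO: set model
 }
 
-bindingset[node]
-pragma[inline_late]
-private BasicBlock getBasicBlockFromSsa2(Ssa2::Node node) {
-result = node.(Ssa2::ExprNode).getExpr().getBasicBlock()
-or
-result = node.(Ssa2::SsaInputNode).getBasicBlock()
+private predicate guardChecksFalsy(
+Ssa2::SsaDataflowInput::Guard g, Ssa2::SsaDataflowInput::Expr e, boolean outcome
+) {
+exists(ConditionGuardNode guard |
+guard.getTest() = g and
+guard.getOutcome() = outcome and
+e = g and
+e instanceof VarAccess and
+outcome = false
+)
 }
 
 /**
@@ -64,13 +68,7 @@ private BasicBlock getBasicBlockFromSsa2(Ssa2::Node node) {
 * ```
 */
 private predicate varAccessBarrier(DataFlow::Node node) {
-exists(ConditionGuardNode guard, Ssa2::ExprNode nodeFrom, Ssa2::Node nodeTo |
-guard.getOutcome() = false and
-guard.getTest().(VarAccess) = nodeFrom.getExpr() and
-Ssa2::localFlowStep(_, nodeFrom, nodeTo, true) and
-guard.dominates(getBasicBlockFromSsa2(nodeTo)) and
-node = getNodeFromSsa2(nodeTo)
-)
+getNodeFromSsa2(Ssa2::BarrierGuard<guardChecksFalsy/3>::getABarrierNode()) = node
 }
 
 /**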
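Review bot: The new `guardChecksFalsy` predicate has no QLDoc, although it is now the only place that defines which guards `varAccessBarrier` treats as clearing taint. I would add `/** Holds if guard g is a variable access e used as a condition, and e is known to be falsy when g evaluates to outcome (always false). */` above it. The set of barrier nodes is now decided by the shared `Ssa2::BarrierGuard<...>::getABarrierNode()` rather than by the explicit `localFlowStep` plus `guard.dominates(...)` conjunction, so any widening would appear as missed results in queries that rely on this barrier. The commit changes only this file, so it is worth confirming that the existing taint-tracking test expectations are unchanged, in particular for the `Ssa2::SsaInputNode` case that the removed `getBasicBlockFromSsa2` helper covered. The doc comment above `varAccessBarrier` starts outside the hunk, so whether it still describes the new formulation cannot be checked from here.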
