Fixes false positives from commit 445552d

Napalys · Napalys · commit 449cee91c86d · 2024-11-07T10:33:13.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll b/javascript/ql/lib/semmle/javascript/MembershipCandidates.qll
@@ -193,7 +193,7 @@ module MembershipCandidate {
         or
         // u.match(/re/) or u.match("re")
         base = this and
-        m = "match" and
+        m = ["match", "matchAll"] and
         enumeration = RegExp::getRegExpFromNode(firstArg)
       )
     }
diff --git a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected
@@ -51,14 +51,6 @@ nodes
 | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted |
-| check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted |
-| check-regex.js:47:15:47:45 | "test.c ... tainted |
-| check-regex.js:47:15:47:45 | "test.c ... tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted |
 | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted |
@@ -135,14 +127,6 @@ edges
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted | check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted | check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted | check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:44:29:44:45 | req.query.tainted | check-regex.js:44:15:44:45 | "test.c ... tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted | check-regex.js:47:15:47:45 | "test.c ... tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted | check-regex.js:47:15:47:45 | "test.c ... tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted | check-regex.js:47:15:47:45 | "test.c ... tainted |
-| check-regex.js:47:29:47:45 | req.query.tainted | check-regex.js:47:15:47:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
@@ -182,8 +166,6 @@ edges
 | check-regex.js:31:15:31:45 | "test.c ... tainted | check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-regex.js:34:15:34:42 | baseURL ... tainted | check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
 | check-regex.js:41:13:41:43 | "test.c ... tainted | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
-| check-regex.js:44:15:44:45 | "test.c ... tainted | check-regex.js:44:29:44:45 | req.query.tainted | check-regex.js:44:15:44:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
-| check-regex.js:47:15:47:45 | "test.c ... tainted | check-regex.js:47:29:47:45 | req.query.tainted | check-regex.js:47:15:47:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:15:15:15:45 | "test.c ... tainted | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:27:15:27:45 | "test.c ... tainted | check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:50:15:50:45 | "test.c ... tainted | check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |

Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ module MembershipCandidate {`
`193`	`193`	`or`
`194`	`194`	`// u.match(/re/) or u.match("re")`
`195`	`195`	`base = this and`
`196`		`- m = "match" and`
	`196`	`+ m = ["match", "matchAll"] and`
`197`	`197`	`enumeration = RegExp::getRegExpFromNode(firstArg)`
`198`	`198`	`)`
`199`	`199`	`}`