Python: Use .matches instead of .indexOf() = 0

RasmusWL · RasmusWL · commit 4a7bfbe0918d · 2020-07-02T11:43:23.000+02:00
diff --git a/python/ql/src/semmle/python/web/django/Response.qll b/python/ql/src/semmle/python/web/django/Response.qll
@@ -65,7 +65,7 @@ class DjangoResponseContentXSSVulnerable extends DjangoResponseContent {
         or
         exists(StringValue s |
             cls.getContentTypeArg(call).pointsTo(s) and
-            s.getText().indexOf("text/html") = 0
+            s.getText().matches("text/html%")
         )
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ class DjangoResponseContentXSSVulnerable extends DjangoResponseContent {`
`65`	`65`	`or`
`66`	`66`	`exists(StringValue s \|`
`67`	`67`	`cls.getContentTypeArg(call).pointsTo(s) and`
`68`		`- s.getText().indexOf("text/html") = 0`
	`68`	`+ s.getText().matches("text/html%")`
`69`	`69`	`)`
`70`	`70`	`}`
`71`	`71`	`}`