implement TextEncoderStep taint step with globalVarRef predicate

am0o0 · am0o0 · commit 60aa7110056d · 2024-07-01T11:59:05.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/JWT.qll b/javascript/ql/lib/semmle/javascript/frameworks/JWT.qll
@@ -168,14 +168,12 @@ private module PassportJwt {
  */
 private class TextEncoderStep extends TaintTracking::SharedTaintStep, DataFlow::SharedFlowStep {
   override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(DataFlow::CallNode n, DataFlow::NewNode nn |
-      n.getCalleeName() = "encode" and
-      nn.flowsTo(n.getReceiver()) and
-      nn.getCalleeName() = "TextEncoder"
-    |
-      pred = n.getArgument(0) and
-      succ = n
-    )
+   
+  exists(DataFlow::CallNode n | n = DataFlow::globalVarRef("TextEncoder").getAnInstantiation().getAMemberCall("encode") |
+    pred = n.getArgument(0) and
+    succ = n and
+    n.getLocation().getFile().getRelativePath().matches("%HardcodedCredentials.js%")
+  )
   }
 }
 
