Skip to content

Commit 9d4e737

Browse files
Napalysasgerf
andcommitted
JS: follow proper code standards for get predicates
Co-authored-by: asgerf <[email protected]>
1 parent 3171f38 commit 9d4e737

File tree

1 file changed

+5
-10
lines changed

1 file changed

+5
-10
lines changed

javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql

Lines changed: 5 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -146,23 +146,18 @@ predicate whitelistedRemoval(StringReplaceCall repl) {
146146
/**
147147
* Gets a nice string representation of the pattern or value of the node.
148148
*/
149-
predicate getPatternOrValueString(DataFlow::Node node, string patternOrValue) {
149+
string getPatternOrValueString(DataFlow::Node node) {
150150
if node instanceof DataFlow::RegExpConstructorInvokeNode
151-
then
152-
exists(DataFlow::RegExpConstructorInvokeNode regExp |
153-
node = regExp and
154-
patternOrValue = "/" + regExp.getRoot() + "/"
155-
)
156-
else patternOrValue = node.toString()
151+
then result = "/" + node.(DataFlow::RegExpConstructorInvokeNode).getRoot() + "/"
152+
else result = node.toString()
157153
}
158154

159-
from StringReplaceCall repl, DataFlow::Node old, string patternOrValue, string msg
155+
from StringReplaceCall repl, DataFlow::Node old, string msg
160156
where
161157
(old = repl.getArgument(0) or old = repl.getRegExp()) and
162-
getPatternOrValueString(old, patternOrValue) and
163158
(
164159
not repl.maybeGlobal() and
165-
msg = "This replaces only the first occurrence of " + patternOrValue + "." and
160+
msg = "This replaces only the first occurrence of " + getPatternOrValueString(old) + "." and
166161
// only flag if this is likely to be a sanitizer or URL encoder or decoder
167162
exists(string m | m = getAMatchedString(old) |
168163
// sanitizer

0 commit comments

Comments
 (0)