File tree Expand file tree Collapse file tree 1 file changed +14
-1
lines changed
javascript/ql/lib/semmle/javascript/security/dataflow Expand file tree Collapse file tree 1 file changed +14
-1
lines changed Original file line number Diff line number Diff line change @@ -24,6 +24,17 @@ deprecated private class ConcreteMaybeFromProto extends MaybeFromProto {
2424 ConcreteMaybeFromProto ( ) { this = this }
2525}
2626
27+ /** Gets a data flow node referring to an instance of `Map`. */
28+ private DataFlow:: SourceNode mapObject ( DataFlow:: TypeTracker t ) {
29+ t .start ( ) and
30+ result = DataFlow:: globalVarRef ( "Map" ) .getAnInstantiation ( )
31+ or
32+ exists ( DataFlow:: TypeTracker t2 | result = mapObject ( t2 ) .track ( t2 , t ) )
33+ }
34+
35+ /** Gets a data flow node referring to an instance of `Map`. */
36+ private DataFlow:: SourceNode mapObject ( ) { result = mapObject ( DataFlow:: TypeTracker:: end ( ) ) }
37+
2738/**
2839 * A taint-tracking configuration for reasoning about unvalidated dynamic method calls.
2940 */
@@ -67,7 +78,9 @@ module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig {
6778 not PropertyInjection:: hasUnsafeMethods ( read .getBase ( ) .getALocalSource ( ) )
6879 )
6980 or
70- exists ( DataFlow:: SourceNode base , DataFlow:: CallNode get | get = base .getAMethodCall ( "get" ) |
81+ exists ( DataFlow:: CallNode get |
82+ get = mapObject ( ) .getAMethodCall ( "get" ) and
83+ get .getNumArgument ( ) = 1 and
7184 node1 = get .getArgument ( 0 ) and
7285 node2 = get
7386 ) and
You can’t perform that action at this time.
0 commit comments