Skip to content

Commit 355cfaa

Browse files
committed
JS: Autoformat
1 parent 1b0bec9 commit 355cfaa

File tree

3 files changed

+14
-8
lines changed

3 files changed

+14
-8
lines changed

javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,5 +15,6 @@ import DataFlow::PathGraph
1515

1616
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
1717
where cfg.hasFlowPath(source, sink)
18-
select sink.getNode(), source, sink, "Potential type confusion as $@ may be either an array or a string.", source.getNode(),
18+
select sink.getNode(), source, sink,
19+
"Potential type confusion as $@ may be either an array or a string.", source.getNode(),
1920
"this HTTP request parameter"

javascript/ql/src/semmle/javascript/dataflow/Configuration.qll

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1192,8 +1192,8 @@ private predicate loadStep(
11921192
*/
11931193
pragma[nomagic]
11941194
private predicate reachableFromStoreBase(
1195-
string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd, DataFlow::Configuration cfg,
1196-
PathSummary summary
1195+
string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd,
1196+
DataFlow::Configuration cfg, PathSummary summary
11971197
) {
11981198
exists(PathSummary s1, PathSummary s2, DataFlow::Node rhs |
11991199
reachableFromSource(rhs, cfg, s1)
@@ -1204,7 +1204,8 @@ private predicate reachableFromStoreBase(
12041204
endProp = startProp and
12051205
base = nd and
12061206
summary =
1207-
MkPathSummary(false, s1.hasCall().booleanOr(s2.hasCall()), DataFlow::FlowLabel::data(), DataFlow::FlowLabel::data())
1207+
MkPathSummary(false, s1.hasCall().booleanOr(s2.hasCall()), DataFlow::FlowLabel::data(),
1208+
DataFlow::FlowLabel::data())
12081209
)
12091210
or
12101211
exists(PathSummary newSummary, PathSummary oldSummary |
@@ -1221,8 +1222,8 @@ private predicate reachableFromStoreBase(
12211222
*/
12221223
pragma[noinline]
12231224
private predicate reachableFromStoreBaseStep(
1224-
string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd, DataFlow::Configuration cfg,
1225-
PathSummary oldSummary, PathSummary newSummary
1225+
string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd,
1226+
DataFlow::Configuration cfg, PathSummary oldSummary, PathSummary newSummary
12261227
) {
12271228
exists(DataFlow::Node mid |
12281229
reachableFromStoreBase(startProp, endProp, base, mid, cfg, oldSummary) and
@@ -1264,7 +1265,10 @@ private predicate storeToLoad(
12641265
DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary oldSummary,
12651266
PathSummary newSummary
12661267
) {
1267-
exists(string storeProp, string loadProp, DataFlow::Node storeBase, DataFlow::Node loadBase, PathSummary s1, PathSummary s2 |
1268+
exists(
1269+
string storeProp, string loadProp, DataFlow::Node storeBase, DataFlow::Node loadBase,
1270+
PathSummary s1, PathSummary s2
1271+
|
12681272
storeStep(pred, storeBase, storeProp, cfg, s1) and
12691273
reachableFromStoreBase(storeProp, loadProp, storeBase, loadBase, cfg, s2) and
12701274
oldSummary = s1.appendValuePreserving(s2) and

javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,8 @@ module TypeConfusionThroughParameterTampering {
100100
private class ProtoStringComparison extends Sink {
101101
ProtoStringComparison() {
102102
exists(EqualityTest test |
103-
test.hasOperands(this.asExpr(), any(Expr e | e.getStringValue() = ["__proto__", "constructor"])) and
103+
test.hasOperands(this.asExpr(),
104+
any(Expr e | e.getStringValue() = ["__proto__", "constructor"])) and
104105
test.isStrict()
105106
)
106107
}

0 commit comments

Comments
 (0)