File tree Expand file tree Collapse file tree 1 file changed +8
-3
lines changed
javascript/ql/lib/semmle/javascript/security/dataflow Expand file tree Collapse file tree 1 file changed +8
-3
lines changed Original file line number Diff line number Diff line change @@ -513,16 +513,21 @@ module TaintedPath {
513513
514514 override predicate blocks ( boolean outcome , Expr e ) {
515515 member = "relative" and
516- e = maybeGetJoinArg ( pathCall .getArgument ( 1 ) ) .asExpr ( ) and
516+ e = maybeGetPathSuffix ( pathCall .getArgument ( 1 ) ) .asExpr ( ) and
517517 outcome = startsWith .getPolarity ( ) .booleanNot ( )
518518 or
519519 not member = "relative" and
520- e = maybeGetJoinArg ( pathCall .getArgument ( 0 ) ) .asExpr ( ) and
520+ e = maybeGetPathSuffix ( pathCall .getArgument ( 0 ) ) .asExpr ( ) and
521521 outcome = startsWith .getPolarity ( )
522522 }
523523
524+ /**
525+ * Gets the last argument to the given `path.join()` call,
526+ * or the node itself if it is not a join call.
527+ * Is used to get the suffix of the path.
528+ */
524529 bindingset [ e]
525- private DataFlow:: Node maybeGetJoinArg ( DataFlow:: Node e ) {
530+ private DataFlow:: Node maybeGetPathSuffix ( DataFlow:: Node e ) {
526531 exists ( DataFlow:: CallNode call |
527532 call = NodeJSLib:: Path:: moduleMember ( "join" ) .getACall ( ) and e = call
528533 |
You can’t perform that action at this time.
0 commit comments