JS: Update our own queries

asger-semmle · asger-semmle · commit deb217326d81 · 2019-05-22T13:13:08.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/TaintedObject.qll b/javascript/ql/src/semmle/javascript/security/TaintedObject.qll
@@ -84,7 +84,6 @@ module TaintedObject {
    * Sanitizer guard that blocks deep object taint.
    */
   abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode {
-    override FlowLabel getALabel() { result = label() }
   }
 
   /**
@@ -110,9 +109,10 @@ module TaintedObject {
       )
     }
 
-    override predicate sanitizes(boolean outcome, Expr e) {
+    override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) {
       polarity = outcome and
-      e = typeof.getOperand()
+      e = typeof.getOperand() and
+      label = label()
     }
   }
 }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
@@ -142,11 +142,10 @@ module UnvalidatedDynamicMethodCall {
       astNode.getAnOperand().getUnderlyingValue() = t
     }
 
-    override predicate sanitizes(boolean outcome, Expr e) {
+    override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
       outcome = astNode.getPolarity() and
-      e = t.getOperand().getUnderlyingValue()
+      e = t.getOperand().getUnderlyingValue() and
+      label instanceof MaybeNonFunction
     }
-
-    override DataFlow::FlowLabel getALabel() { result instanceof MaybeNonFunction }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,6 @@ module TaintedObject {`
`84`	`84`	`* Sanitizer guard that blocks deep object taint.`
`85`	`85`	`*/`
`86`	`86`	`abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode {`
`87`		`- override FlowLabel getALabel() { result = label() }`
`88`	`87`	`}`
`89`	`88`
`90`	`89`	`/**`
`@@ -110,9 +109,10 @@ module TaintedObject {`
`110`	`109`	`)`
`111`	`110`	`}`
`112`	`111`
`113`		`- override predicate sanitizes(boolean outcome, Expr e) {`
	`112`	`+ override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) {`
`114`	`113`	`polarity = outcome and`
`115`		`- e = typeof.getOperand()`
	`114`	`+ e = typeof.getOperand() and`
	`115`	`+ label = label()`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -142,11 +142,10 @@ module UnvalidatedDynamicMethodCall {`
`142`	`142`	`astNode.getAnOperand().getUnderlyingValue() = t`
`143`	`143`	`}`
`144`	`144`
`145`		`- override predicate sanitizes(boolean outcome, Expr e) {`
	`145`	`+ override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {`
`146`	`146`	`outcome = astNode.getPolarity() and`
`147`		`- e = t.getOperand().getUnderlyingValue()`
	`147`	`+ e = t.getOperand().getUnderlyingValue() and`
	`148`	`+ label instanceof MaybeNonFunction`
`148`	`149`	`}`
`149`		`-`
`150`		`- override DataFlow::FlowLabel getALabel() { result instanceof MaybeNonFunction }`
`151`	`150`	`}`
`152`	`151`	`}`