Skip to content

Commit e7166c2

Browse files
committed
JS: Workaround for JSON externs
1 parent 221d949 commit e7166c2

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,11 @@ module GlobalAccessPath {
116116
// Note: Avoid unneeded materialization of DataFlow::Node.getFile()
117117
rhs.getAstNode().getFile() = file
118118
)
119+
or
120+
// Hard-code JSON methods from the externs file, since they aren't explicitly assigned.
121+
(accessPath = "JSON.parse" or accessPath = "JSON.stringify") and
122+
file.getBaseName() = "es5.js" and
123+
any(TopLevel tl | tl.getFile() = file).isExterns()
119124
}
120125

121126
/**

0 commit comments

Comments
 (0)