Mirror of https://github.com/github/codeql.git
JavaScript: Recognize ":" pseudo-directive.
Parent
6e6dab9ab8
Commit
311cbd824c
|
@ -44,6 +44,7 @@
|
|||
| Stored cross-site scripting (`js/stored-xss`) | Fewer false-positive results | The query now recognizes more sanitizers. |
|
||||
| Uncontrolled command line (`js/command-line-injection`) | More results | This query now treats responses from servers as untrusted. |
|
||||
| Uncontrolled data used in path expression (`js/path-injection`) | Fewer false-positive results | This query now recognizes calls to Express `sendFile` as safe in some cases. |
|
||||
| Unknown directive (`js/unknown-directive`) | Fewer false positive results | This query no longer flags uses of ":", which is sometimes used like a directive. |
|
||||
|
||||
## Changes to QL libraries
|
||||
|
||||
|
|
|
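Review bot: the `js/unknown-directive` row writes "Fewer false positive results", while the `js/stored-xss` and `js/path-injection` rows in the same table write "Fewer false-positive results"; use the hyphenated form so the column stays consistent. The description could also say that ":" here means the string-literal statement `":"`, since "uses of ":"" on its own is easy to misread as any colon.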
@ -13,6 +13,8 @@ import javascript
|
|||
from Directive d
|
||||
where
|
||||
not d instanceof KnownDirective and
|
||||
// ignore ":" pseudo-directive sometimes seen in dual-use shell/node.js scripts
|
||||
not d.getExpr().getStringValue() = ":" and
|
||||
// but exclude attribute top-levels: `<a href="javascript:'some-attribute-string'">`
|
||||
not d.getParent() instanceof CodeInAttribute
|
||||
select d, "Unknown directive: '" + truncate(d.getDirectiveText(), 20, " ... (truncated)") + "'."
|
||||
|
|
|
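Review bot: the clause `not d.getExpr().getStringValue() = ":"` suppresses the alert for every `Directive` whose value is ":", while the comment above it justifies the exemption only for dual-use shell/node.js scripts. If the intent is that narrow, restrict the clause to that case (for example to a directive at the top level of a file); if the broad exemption is intended, say so in the comment. The comment "but exclude attribute top-levels" now sits directly after the ":" clause and reads as a qualification of it, so its "but" is worth rewording.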
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
":" //# ; exec /usr/bin/env node "$0" "$@"
|
||||
|
||||
console.log('javascript');
|
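Review bot: nothing in this new test file says what result is expected, so a reader has to infer that the `":"` on line 2 must not be reported. Add a short comment after the `exec` line stating that (the shell never reads past `exec`, and a `//` comment does not affect the JavaScript), and consider a second case where ":" appears somewhere other than the first statement of a script, since the query clause exempts it wherever it occurs.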