From 4a631b42d43c5a7c9a2e2ae7acd945ebaa1970ff Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Mon, 17 Dec 2018 12:55:34 +0100 Subject: [PATCH] JS: use `.lastIndexOf` in js/incomplete-url-substring-sanitization --- .../Security/CWE-020/IncompleteUrlSubstringSanitization.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql index 8ea0a9106d1..97988dec805 100644 --- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql +++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql @@ -15,7 +15,7 @@ private import semmle.javascript.dataflow.InferredTypes from DataFlow::MethodCallNode call, string name, DataFlow::Node substring, string target where - (name = "indexOf" or name = "includes" or name = "startsWith" or name = "endsWith") and + (name = "indexOf" or name = "lastIndexOf" or name = "includes" or name = "startsWith" or name = "endsWith") and call.getMethodName() = name and substring = call.getArgument(0) and substring.mayHaveStringValue(target) and @@ -27,7 +27,7 @@ where ) and // whitelist not ( - name = "indexOf" and + (name = "indexOf" or name = "lastIndexOf") and ( // arithmetic on the indexOf-result any(ArithmeticExpr e).getAnOperand().getUnderlyingValue() = call.asExpr()