change getAnElementRead to getASubstringRead

erik-krogh · erik-krogh · commit 356843976991 · 2020-05-05T13:33:21.000+02:00
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -29,7 +29,7 @@ DataFlow::SourceNode schemeOf(DataFlow::Node url) {
   // url.split(":")[0]
   exists(StringSplitCall split |
     split.getSeparator() = ":" and
-    result = split.getAnElementRead(0) and
+    result = split.getASubstringRead(0) and
     url = split.getBaseString()
   )
   or
diff --git a/javascript/ql/src/semmle/javascript/StandardLibrary.qll b/javascript/ql/src/semmle/javascript/StandardLibrary.qll
@@ -178,5 +178,5 @@ class StringSplitCall extends DataFlow::MethodCallNode {
    * Gets a read of the `i`th element from the split string.
    */
   bindingset[i]
-  DataFlow::Node getAnElementRead(int i) { result = getAPropertyRead(i.toString()) }
+  DataFlow::Node getASubstringRead(int i) { result = getAPropertyRead(i.toString()) }
 }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -285,7 +285,7 @@ module DomBasedXss {
     StringSplitCall splitCall;
 
     QueryPrefixSanitizer() {
-      this = splitCall.getAnElementRead(0) and
+      this = splitCall.getASubstringRead(0) and
       splitCall.getSeparator() = "?" and
       splitCall.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]
     }

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ DataFlow::SourceNode schemeOf(DataFlow::Node url) {`
`29`	`29`	`// url.split(":")[0]`
`30`	`30`	`exists(StringSplitCall split \|`
`31`	`31`	`split.getSeparator() = ":" and`
`32`		`- result = split.getAnElementRead(0) and`
	`32`	`+ result = split.getASubstringRead(0) and`
`33`	`33`	`url = split.getBaseString()`
`34`	`34`	`)`
`35`	`35`	`or`
Original file line number	Diff line number	Diff line change
`@@ -178,5 +178,5 @@ class StringSplitCall extends DataFlow::MethodCallNode {`
`178`	`178`	* Gets a read of the `i`th element from the split string.
`179`	`179`	`*/`
`180`	`180`	`bindingset[i]`
`181`		`- DataFlow::Node getAnElementRead(int i) { result = getAPropertyRead(i.toString()) }`
	`181`	`+ DataFlow::Node getASubstringRead(int i) { result = getAPropertyRead(i.toString()) }`
`182`	`182`	`}`
Original file line number	Diff line number	Diff line change
`@@ -285,7 +285,7 @@ module DomBasedXss {`
`285`	`285`	`StringSplitCall splitCall;`
`286`	`286`
`287`	`287`	`QueryPrefixSanitizer() {`
`288`		`- this = splitCall.getAnElementRead(0) and`
	`288`	`+ this = splitCall.getASubstringRead(0) and`
`289`	`289`	`splitCall.getSeparator() = "?" and`
`290`	`290`	`splitCall.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")]`
`291`	`291`	`}`