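--- a/javascript/ql/src/semmle/javascript/security/dataflow
+++ b/javascript/ql/src/semmle/javascript/security/dataflow
@@ -40,9 +40,7 @@ module ExceptionXss {
 not isUnlikelyToThrowSensitiveInformation ( node ) and
 (
 // in the case of reflective calls the below ensures that both InvokeNodes have no known callee.
-forex ( DataFlow:: InvokeNode call | call .getAnArgument ( ) = node |
-not exists ( call .getACallee ( ) )
-)
+forex ( DataFlow:: InvokeNode call | call .getAnArgument ( ) = node | not exists ( call .getACallee ( ) ) )
 or
 node .asExpr ( ) .getEnclosingStmt ( ) instanceof ThrowStmt
 or
@@ -75,9 +73,12 @@ module ExceptionXss {
 exists ( DataFlow:: CallNode call | call .getLastArgument ( ) .getAFunctionValue ( ) = this ) and
 this .getNumParameter ( ) = 2 and
 errorParameter = this .getParameter ( 0 ) and
-ifStmt = this .getFunction ( ) .getBodyStmt ( 0 ) and
+ifStmt = this .getFunction ( ) .getBodyStmt ( 0 ) and
 errorParameter .flowsToExpr ( ifStmt .getCondition ( ) ) and
-not ifStmt .getThen ( ) .getBasicBlock ( ) .getASuccessor * ( ) = this .getFunction ( ) .getBodyStmt ( 1 ) .getBasicBlock ( )
+not ifStmt .getThen ( ) .getBasicBlock ( ) .getASuccessor * ( ) = this
+.getFunction ( )
+.getBodyStmt ( 1 )
+.getBasicBlock ( )
 }
 
 DataFlow:: Node getErrorParam ( ) { result = errorParameter }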