File tree Expand file tree Collapse file tree
javascript/ql/src/semmle/javascript Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -265,13 +265,14 @@ private module ArrayDataFlow {
265265 * A step for modelling `concat`.
266266 * For example in `e = arr1.concat(arr2, arr3)`: if any of the `arr` is tainted, then so is `e`.
267267 */
268- private class ArrayConcatStep extends DataFlow:: AdditionalFlowStep , DataFlow:: MethodCallNode {
269- ArrayConcatStep ( ) { this .getMethodName ( ) = "concat" }
270-
268+ private class ArrayConcatStep extends DataFlow:: SharedFlowStep {
271269 override predicate loadStoreStep ( DataFlow:: Node pred , DataFlow:: Node succ , string prop ) {
272- prop = arrayElement ( ) and
273- ( pred = this .getReceiver ( ) or pred = this .getAnArgument ( ) ) and
274- succ = this
270+ exists ( DataFlow:: MethodCallNode call |
271+ call .getMethodName ( ) = "concat" and
272+ prop = arrayElement ( ) and
273+ ( pred = call .getReceiver ( ) or pred = call .getAnArgument ( ) ) and
274+ succ = call
275+ )
275276 }
276277 }
277278
You can’t perform that action at this time.
0 commit comments