javascript/ql/lib/semmle/javascript/security/dataflow Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -47,20 +47,6 @@ module ServerSideUrlRedirect {
4747 }
4848 }
4949
50- /**
51- * A call to a function called `isLocalUrl` or similar, which is
52- * considered to sanitize a variable for purposes of URL redirection.
53- */
54- class LocalUrlSanitizingGuard extends TaintTracking:: SanitizerGuardNode , DataFlow:: CallNode {
55- LocalUrlSanitizingGuard ( ) { this .getCalleeName ( ) .regexpMatch ( "(?i)(is_?)?local_?url" ) }
56-
57- override predicate sanitizes ( boolean outcome , Expr e ) {
58- // `isLocalUrl(e)` sanitizes `e` if it evaluates to `true`
59- this .getAnArgument ( ) .asExpr ( ) = e and
60- outcome = true
61- }
62- }
63-
6450 /**
6551 * A URL attribute for a React Native `WebView`.
6652 */
Original file line number Diff line number Diff line change @@ -36,3 +36,17 @@ class Configuration extends TaintTracking::Configuration {
3636 guard instanceof HostnameSanitizerGuard
3737 }
3838}
39+
40+ /**
41+ * A call to a function called `isLocalUrl` or similar, which is
42+ * considered to sanitize a variable for purposes of URL redirection.
43+ */
44+ class LocalUrlSanitizingGuard extends TaintTracking:: SanitizerGuardNode , DataFlow:: CallNode {
45+ LocalUrlSanitizingGuard ( ) { this .getCalleeName ( ) .regexpMatch ( "(?i)(is_?)?local_?url" ) }
46+
47+ override predicate sanitizes ( boolean outcome , Expr e ) {
48+ // `isLocalUrl(e)` sanitizes `e` if it evaluates to `true`
49+ this .getAnArgument ( ) .asExpr ( ) = e and
50+ outcome = true
51+ }
52+ }
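Review bot: `sanitizes` in the relocated `LocalUrlSanitizingGuard` clears every argument of the matching call through `getAnArgument()`, and the guard is recognised by callee name alone, so a project-local `isLocalUrl` whose check is incomplete, or a second argument such as a base URL, suppresses the redirect alert without the library inspecting what the function does. The QLDoc should say so, for example `* This is a name-based heuristic: the callee's body is not inspected, and every argument is treated as sanitized.`; if only the checked URL is meant, `this.getArgument(0).asExpr() = e` would narrow it. Separately, the class no longer sits inside `module ServerSideUrlRedirect`, so references that go through that module would presumably stop resolving unless a deprecated alias is kept there, and the first file section shows none.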