1 parent c8407ba commit a673610Copy full SHA for a673610
1 file changed
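--- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
@@ -106,7 +106,10 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
 TaintTracking::referenceStep(pred, succ)
 or
 // Propagate across Sprintf and similar calls
- any(Fmt::AppenderOrSprinter s).taintStep(pred, succ)
+ exists(DataFlow::CallNode cn |
+ cn.getACalleeIncludingExternals().asFunction() instanceof Fmt::AppenderOrSprinter |
+ pred = cn.getAnArgument() and succ = cn.getResult()
+ )
 }
 
 predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {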
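Review bot: The replacement step on new lines 109–112 uses `cn.getAnArgument()` as the predecessor, so every argument of a matching call (the format string and each operand) now flows to the result, and the `Fmt::AppenderOrSprinter` model's own `taintStep` mapping is no longer consulted. If this configuration is what marks an AuthCodeURL call as using a private or local redirect URL and so exempts it from the constant-state alert (the class name suggests this, but the rest of the class is outside the hunk), wider propagation here means fewer CWE-352 results rather than more. That makes a test case pinning the intended flow worthwhile; the page shows only the query file changed. The existing comment should also say why the callee is matched directly, for example `// Match the callee (including externals) directly; any argument is treated as flowing to the call's single result`. The enclosing predicate begins above the hunk.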