
Commit d793427

committed
JS: treat +/- equally in suffix check query
1 parent c133362 commit d793427

1 file changed

Lines changed: 3 additions & 3 deletions


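--- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -95,9 +95,9 @@ predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) {
 or
 isDerivedFromLength(length.getAPredecessor(), operand)
 or
-exists(SubExpr sub |
-isDerivedFromLength(sub.getAnOperand().flow(), operand) and
-length = sub.flow()
+exists(BinaryExpr expr | expr instanceof SubExpr or expr instanceof AddExpr |
+isDerivedFromLength(expr.getAnOperand().flow(), operand) and
+length = expr.flow()
 )
 }
 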
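Review bot: The widened disjunct at new lines 98–100 accepts every `AddExpr`, and in JavaScript `+` is also string concatenation, so an expression such as `prefix + x.length` (constructed example) would presumably now count as derived from the length. If that is intended, a short comment above the `exists` would record why, e.g. `// offsets are applied with either operator: a.length - b.length, a.length + k`. If it is not, the range could be narrowed to numeric additions. The commit changes only this query file, so no test case exercising the `+` form is visible here; adding one to the query's test input would pin the new behaviour and guard against new false positives in the suffix check. The predicate begins above the hunk, so its existing doc comment cannot be checked from here.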
