remove TTUndefined from TypeOfSanitizer in js/shell-command-constructed-from-input

erik-krogh · erik-krogh · commit df95562f8ff4 · 2020-12-22T09:43:50.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
@@ -201,7 +201,7 @@ module UnsafeShellCommandConstruction {
 
     TypeOfSanitizer() {
       TaintTracking::isTypeofGuard(astNode, x,
-        any(InferredType t | t = TTUndefined() or t = TTNumber() or t = TTBoolean()))
+        any(InferredType t | t = TTNumber() or t = TTBoolean()))
     }
 
     override predicate sanitizes(boolean outcome, Expr e) {

Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ module UnsafeShellCommandConstruction {`
`201`	`201`
`202`	`202`	`TypeOfSanitizer() {`
`203`	`203`	`TaintTracking::isTypeofGuard(astNode, x,`
`204`		`- any(InferredType t \| t = TTUndefined() or t = TTNumber() or t = TTBoolean()))`
	`204`	`+ any(InferredType t \| t = TTNumber() or t = TTBoolean()))`
`205`	`205`	`}`
`206`	`206`
`207`	`207`	`override predicate sanitizes(boolean outcome, Expr e) {`