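--- a/javascript/ql/src/Security/CWE-770
+++ b/javascript/ql/src/Security/CWE-770
@@ -96,7 +96,7 @@ class Configuration extends TaintTracking::Configuration {
 c = dst and
 src = c .getAnArgument ( )
 |
-c = DataFlow:: globalVarRef ( "Math" ) .getAPropertyRead ( ) . getACall ( ) or
+c = DataFlow:: globalVarRef ( "Math" ) .getAMemberCall ( _ ) or
 c = DataFlow:: globalVarRef ( [ "Number" , "parseInt" , "parseFloat" ] ) .getACall ( )
 )
 )
@@ -191,10 +191,12 @@ class BufferSizeSink extends Sink {
 )
 or
 invk = clazz .getAnInvocation ( ) and
-invk .getNumArgument ( ) = 1 and
-index = 0
-or
-invk .getNumArgument ( ) = 3 and index = 2
+(
+invk .getNumArgument ( ) = 1 and
+index = 0
+or
+invk .getNumArgument ( ) = 3 and index = 2
+)
 )
 or
 this = DataFlow:: globalVarRef ( "SlowBuffer" ) .getAnInstantiation ( ) .getArgument ( 0 )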
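Review bot: The wildcard in `getAMemberCall(_)` on the added line of the first hunk makes every `Math` method a step from argument to result, and that appears to include `Math.min`, the usual way to clamp an attacker-controlled size before allocation. If this disjunct is a taint step, as the surrounding `c = dst and src = c.getAnArgument()` suggests, a value bounded with `Math.min(n, LIMIT)` would presumably still reach the sink unless a sanitizer elsewhere covers clamps. Consider either narrowing the name, e.g. `c = DataFlow::globalVarRef("Math").getAMemberCall(any(string m | m != "min"))`, or stating the intent with a comment such as `// every Math member, including min/max, propagates the numeric value`. The enclosing predicate starts outside the hunk, so how clamped values are treated cannot be confirmed from here.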