JS: minor fixups

esbena · esbena · commit 1de1c15919e9 · 2020-01-31T19:33:04.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
@@ -115,7 +115,7 @@ module UnsafeJQueryPlugin {
   }
 
   /**
-   * Holds if `plugin` has a default option defined a `def`.
+   * Holds if `plugin` has a default option defined at `def`.
    */
   private predicate hasDefaultOption(JQueryPluginMethod plugin, DataFlow::PropWrite def) {
     exists(ExtendCall extend, JQueryPluginOptions options, DataFlow::SourceNode default |
@@ -161,7 +161,7 @@ module UnsafeJQueryPlugin {
     IsElementSanitizer() {
       // common ad hoc sanitizing calls
       exists(string name | getCalleeName() = name |
-        name = "isElement" or name = "isWindow" or name = "isWindow"
+        name = "isElement" or name = "isDocument" or name = "isWindow"
       )
     }
 
@@ -171,7 +171,7 @@ module UnsafeJQueryPlugin {
   }
 
   /**
-   * Expression of like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
+   * Expression like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
    */
   class PropertyPrecenseSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
     DataFlow::Node input;

Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ module UnsafeJQueryPlugin {`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`/**`
`118`		- * Holds if `plugin` has a default option defined a `def`.
	`118`	+ * Holds if `plugin` has a default option defined at `def`.
`119`	`119`	`*/`
`120`	`120`	`private predicate hasDefaultOption(JQueryPluginMethod plugin, DataFlow::PropWrite def) {`
`121`	`121`	`exists(ExtendCall extend, JQueryPluginOptions options, DataFlow::SourceNode default \|`
`@@ -161,7 +161,7 @@ module UnsafeJQueryPlugin {`
`161`	`161`	`IsElementSanitizer() {`
`162`	`162`	`// common ad hoc sanitizing calls`
`163`	`163`	`exists(string name \| getCalleeName() = name \|`
`164`		`- name = "isElement" or name = "isWindow" or name = "isWindow"`
	`164`	`+ name = "isElement" or name = "isDocument" or name = "isWindow"`
`165`	`165`	`)`
`166`	`166`	`}`
`167`	`167`
`@@ -171,7 +171,7 @@ module UnsafeJQueryPlugin {`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`/**`
`174`		- * Expression of like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
	`174`	+ * Expression like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
`175`	`175`	`*/`
`176`	`176`	`class PropertyPrecenseSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {`
`177`	`177`	`DataFlow::Node input;`