1 file changed: +4 −26 lines changed
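--- a/javascript/ql/lib/semmle/javascript
+++ b/javascript/ql/lib/semmle/javascript
@@ -3,6 +3,7 @@
  */
 
 private import javascript
+ private import semmle.javascript.internal.TypeResolution
 
 /**
  * An input to a view component, such as React props.
@@ -14,34 +15,11 @@ abstract class ViewComponentInput extends DataFlow::Node {
 
 private class ViewComponentInputAsThreatModelSource extends ThreatModelSource:: Range instanceof ViewComponentInput
 {
- ViewComponentInputAsThreatModelSource ( ) { not isSafeType ( this .asExpr ( ) .getType ( ) ) }
+ ViewComponentInputAsThreatModelSource ( ) {
+ not TypeResolution:: valueHasSanitizingPrimitiveType ( this .asExpr ( ) )
+ }
 
  final override string getThreatModel ( ) { result = "view-component-input" }
 
  final override string getSourceType ( ) { result = ViewComponentInput .super .getSourceType ( ) }
 }
-
- private predicate isSafeType ( Type t ) {
- t instanceof NumberLikeType
- or
- t instanceof BooleanLikeType
- or
- t instanceof UndefinedType
- or
- t instanceof NullType
- or
- t instanceof VoidType
- or
- hasSafeTypes ( t , t .( UnionType ) .getNumElementType ( ) )
- or
- isSafeType ( t .( IntersectionType ) .getAnElementType ( ) )
- }
-
- /** Hold if the first `n` components of `t` are safe types. */
- private predicate hasSafeTypes ( UnionType t , int n ) {
- isSafeType ( t .getElementType ( 0 ) ) and
- n = 1
- or
- isSafeType ( t .getElementType ( n - 1 ) ) and
- hasSafeTypes ( t , n - 1 )
- }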
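Review bot: The new constructor body `not TypeResolution::valueHasSanitizingPrimitiveType(this.asExpr())` also holds when `this.asExpr()` has no result or when the type of that expression cannot be resolved, so such nodes remain threat-model sources exactly as with the removed `isSafeType` line; that fail-toward-taint behaviour is the safe default for a source definition but nothing at the `not` records it as intentional, so I would add `// Nodes without a resolvable expression/type stay sources; only inputs proven to carry a sanitizing primitive type are excluded.` above it. The deleted `isSafeType`/`hasSafeTypes` pair treated a union as safe only when every element was safe and an intersection as safe when any element was, and whether `valueHasSanitizingPrimitiveType` (defined in `TypeResolution`, outside this hunk) preserves those two rules cannot be checked from here, so the view-component-input threat-model tests should pin a `number | boolean` prop as not a source and a `string | number` prop as still a source. The class `ViewComponentInputAsThreatModelSource` is complete within the hunk; only the abstract `ViewComponentInput` it names starts above it.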