javascript/ql/src/semmle/javascript/security/dataflow
@@ -33,12 +33,31 @@ module ExceptionXss {
3333 .getAParameter ( ) )
3434 else result = getCallerExceptionalReturn ( pred .getContainer ( ) )
3535 }
36+
37+ /**
38+ * Holds if `node` cannot cause an exception containing sensitive information to be thrown.
39+ */
40+ predicate canDefinitelyNotThrowSensitiveInformation ( DataFlow:: Node node ) {
41+ node = any ( DataFlow:: CallNode call | call .getCalleeName ( ) = "getElementById" ) .getAnArgument ( )
42+ or
43+ node = any ( DataFlow:: CallNode call | call .getCalleeName ( ) = "indexOf" ) .getAnArgument ( )
44+ or
45+ node = any ( DataFlow:: CallNode call | call .getCalleeName ( ) = "stringify" ) .getAnArgument ( )
46+ or
47+ node = DataFlow:: globalVarRef ( "console" ) .getAMemberCall ( _) .getAnArgument ( )
48+ }
3649
50+ /**
51+ * Holds if `node` can possibly cause an exception containing sensitive information to be thrown.
52+ */
3753 predicate canThrowSensitiveInformation ( DataFlow:: Node node ) {
38- // in the case of reflective calls the below ensures that both InvokeNodes have no known callee.
39- forex ( DataFlow:: InvokeNode call | node = call .getAnArgument ( ) | not exists ( call .getACallee ( ) ) )
40- or
41- node .asExpr ( ) .getEnclosingStmt ( ) instanceof ThrowStmt
54+ not canDefinitelyNotThrowSensitiveInformation ( node ) and
55+ (
56+ // in the case of reflective calls the below ensures that both InvokeNodes have no known callee.
57+ forex ( DataFlow:: InvokeNode call | node = call .getAnArgument ( ) | not exists ( call .getACallee ( ) ) )
58+ or
59+ node .asExpr ( ) .getEnclosingStmt ( ) instanceof ThrowStmt
60+ )
4261 }
4362
4463 /**
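Review bot: The `getCalleeName()` disjuncts in `canDefinitelyNotThrowSensitiveInformation` match on the callee name alone, so an argument to any unresolved call named `stringify`, `indexOf` or `getElementById` (for instance a third-party library export or a method on an unknown receiver) is now dropped from `canThrowSensitiveInformation`, which may hide a real exception-XSS flow. Where the receiver is known it would be safer to pin it the way the `console` case already does, e.g. `node = DataFlow::globalVarRef("JSON").getAMemberCall("stringify").getAnArgument()`. The new `not ... and (...)` also guards the `ThrowStmt` disjunct, so such an argument is excluded even when it sits directly inside a `throw` statement; it is worth confirming that this is intended. If the name-only match is a deliberate precision trade-off, the QLDoc should say that it is a heuristic based on the callee name, since "cannot cause" overstates what the predicate establishes.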