Skip to content

Commit aeda2d6

Browse files
author
Max Schaefer
committed
JavaScript: Introduce localTaintStep predicate.
It's sometimes useful for exploratory queries, and the other languages have it as well.
1 parent 46b6e6d commit aeda2d6

File tree

2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1573,4 +1573,6 @@ module DataFlow {
15731573
import Configuration
15741574
import TrackedNodes
15751575
import TypeTracking
1576+
1577+
predicate localTaintStep = TaintTracking::localTaintStep/2;
15761578
}

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -885,4 +885,12 @@ module TaintTracking {
885885

886886
override predicate appliesTo(Configuration cfg) { any() }
887887
}
888+
889+
/**
890+
* Holds if taint propagates from `pred` to `succ` in one local (intra-procedural) step.
891+
*/
892+
predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
893+
DataFlow::localFlowStep(pred, succ) or
894+
any(AdditionalTaintStep s).step(pred, succ)
895+
}
888896
}

0 commit comments

Comments
 (0)