add "valid" to the AdHocWhitelistCheckSanitizer

erik-krogh · erik-krogh · commit bb8905b46ea2 · 2020-05-16T22:43:36.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -778,7 +778,8 @@ module TaintTracking {
    */
   class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {
     AdHocWhitelistCheckSanitizer() {
-      getCalleeName().regexpMatch("(?i).*((?<!un)safe|whitelist|allow|(?<!un)auth(?!or\\b)).*") and
+      getCalleeName()
+          .regexpMatch("(?i).*((?<!un)safe|whitelist|valid|allow|(?<!un)auth(?!or\\b)).*") and
       getNumArgument() = 1
     }
 

Original file line number	Diff line number	Diff line change
`@@ -778,7 +778,8 @@ module TaintTracking {`
`778`	`778`	`*/`
`779`	`779`	`class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode {`
`780`	`780`	`AdHocWhitelistCheckSanitizer() {`
`781`		`- getCalleeName().regexpMatch("(?i).((?<!un)safe\|whitelist\|allow\|(?<!un)auth(?!or\\b)).") and`
	`781`	`+ getCalleeName()`
	`782`	`+ .regexpMatch("(?i).((?<!un)safe\|whitelist\|valid\|allow\|(?<!un)auth(?!or\\b)).") and`
`782`	`783`	`getNumArgument() = 1`
`783`	`784`	`}`
`784`	`785`