Skip to content

Commit ceb9fff

Browse files
authored
Merge pull request #2479 from max-schaefer/localTaintStep
Approved by asgerf
2 parents dc7a0c1 + aeda2d6 commit ceb9fff

File tree

2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1575,4 +1575,6 @@ module DataFlow {
15751575
import Configuration
15761576
import TrackedNodes
15771577
import TypeTracking
1578+
1579+
predicate localTaintStep = TaintTracking::localTaintStep/2;
15781580
}

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -902,4 +902,12 @@ module TaintTracking {
902902

903903
override predicate appliesTo(Configuration cfg) { any() }
904904
}
905+
906+
/**
907+
* Holds if taint propagates from `pred` to `succ` in one local (intra-procedural) step.
908+
*/
909+
predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
910+
DataFlow::localFlowStep(pred, succ) or
911+
any(AdditionalTaintStep s).step(pred, succ)
912+
}
905913
}

0 commit comments

Comments
 (0)