javascript/ql/lib/semmle/javascript/security/dataflow
1 file changed +7 -1 lines changed
@@ -103,6 +103,12 @@ module ReflectedXss {
103103 )
104104 }
105105
106+ bindingset [ headerBlock]
107+ pragma [ inline_late]
108+ private predicate doesNotDominateCallback ( ReachableBasicBlock headerBlock ) {
109+ not exists ( Expr e | e instanceof Function | headerBlock .dominates ( e .getBasicBlock ( ) ) )
110+ }
111+
106112 /**
107113 * Holds if the HeaderDefinition `header` seems to be local.
108114 * A HeaderDefinition is local if it dominates exactly one `ResponseSendArgument`.
@@ -122,7 +128,7 @@ module ReflectedXss {
122128 header .getBasicBlock ( ) .( ReachableBasicBlock ) .dominates ( sender .getBasicBlock ( ) )
123129 ) and
124130 // doesn't dominate something that looks like a callback.
125- not exists ( Expr e | e instanceof Function | headerBlock . dominates ( e . getBasicBlock ( ) ) )
131+ doesNotDominateCallback ( headerBlock )
126132 )
127133 }
128134
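Review bot: The new private predicate `doesNotDominateCallback` (new lines 106–110) has no QLDoc, and nothing explains why it carries `bindingset[headerBlock]` and `pragma[inline_late]`. I would add `/** Holds if `headerBlock` does not dominate the basic block of any function expression, i.e. anything that looks like a callback. */` above it. A short comment should also say that the annotations are there, presumably, so the negation is only evaluated with `headerBlock` already bound by the caller; the author should confirm that intent. The call site at new line 131 feeds the "local header" heuristic in `ReflectedXss`, so it is worth stating in the commit that the extraction is result-neutral and that the query's expected test output is unchanged, since a shift here would silently change which response sends are treated as safe. The enclosing predicate of the second hunk starts outside the hunk, so the binding of `headerBlock` is not visible here.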