File tree Expand file tree Collapse file tree 1 file changed +7
-3
lines changed
javascript/ql/src/semmle/javascript/dataflow Expand file tree Collapse file tree 1 file changed +7
-3
lines changed Original file line number Diff line number Diff line change @@ -587,14 +587,14 @@ module TaintTracking {
587587
588588 }
589589
590- /** A check of the form `if(o .indexOf(x) != -1)`, which sanitizes `x` in its "then" branch. */
590+ /** A check of the form `if(whitelist .indexOf(x) != -1)`, which sanitizes `x` in its "then" branch. */
591591 class IndexOfSanitizer extends AdditionalSanitizerGuardNode , DataFlow:: ValueNode {
592592 MethodCallExpr indexOf ;
593593 override EqualityTest astNode ;
594594
595595 IndexOfSanitizer ( ) {
596596 exists ( Expr index | astNode .hasOperands ( indexOf , index ) |
597- // one operand is of the form `o .indexOf(x)`
597+ // one operand is of the form `whitelist .indexOf(x)`
598598 indexOf .getMethodName ( ) = "indexOf" and
599599 // and the other one is -1
600600 index .getIntValue ( ) = - 1
@@ -612,7 +612,11 @@ module TaintTracking {
612612
613613 }
614614
615- /** A check of the form `if(~o.indexOf(x))`, which sanitizes `x` in its "then" branch. */
615+ /**
616+ * A check of the form `if(~whitelist.indexOf(x))`, which sanitizes `x` in its "then" branch.
617+ *
618+ * This sanitizer is equivalent to `if(whitelist.indexOf(x) != -1)`, since `~n = 0` iff `n = -1`.
619+ */
616620 class BitwiseIndexOfSanitizer extends AdditionalSanitizerGuardNode , DataFlow:: ValueNode {
617621 MethodCallExpr indexOf ;
618622 override BitNotExpr astNode ;
You can’t perform that action at this time.
0 commit comments