github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-06 07:48:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Address review comments

Browse Source
This commit is contained in:
Henry Mercer
2023-05-31 14:23:43 +01:00
parent d427c89ed7
commit 9632771630
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
queries/default-setup-event-context.ql
View File

@@ -27,7 +27,8 @@ class EventContextAccessConfiguration extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
sink instanceof DataFlow::PropRead and
lbl instanceof ParsedLabel and
not exists(DataFlow::PropRead n | sink = n.getBase())
not exists(DataFlow::PropRead n | sink = n.getBase()) and
not sink.asExpr().getFile().getBaseName().matches("%.test.ts")
}
override predicate isAdditionalFlowStep(
@@ -52,11 +53,6 @@ class EventContextAccessConfiguration extends DataFlow::Configuration {
}
from EventContextAccessConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where
cfg.hasFlowPath(source, sink) and
not sink.getNode().asExpr().getFile().getBaseName().matches("%.test.ts")
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
"This context property may not exist in default setup workflows. If all uses are safe, add it to the list of "
+ "context properties that are known to be safe in " +
"'queries/default-setup-event-context.ql'. If this use is safe but others are not, " +
"dismiss this alert as a false positive."
"This event context property may not exist in default setup workflows."