Skip to content

JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.#2240

Merged
semmle-qlci merged 1 commit into
github:masterfrom
max-schaefer:js/indirect-command-argument-data-flow
Nov 1, 2019
Merged

JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments.#2240
semmle-qlci merged 1 commit into
github:masterfrom
max-schaefer:js/indirect-command-argument-data-flow

Conversation

@max-schaefer

Copy link
Copy Markdown
Contributor

This makes it possible to use data-flow exploration (#2236) with the command-injection queries. Performance-wise it's a very slight win on nightly.slugs, with no result changes.

…ation to track indirect command arguments.
@max-schaefer max-schaefer added the JS label Nov 1, 2019
@max-schaefer max-schaefer requested a review from a team as a code owner November 1, 2019 08:47

@esbena esbena left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
I think we can skip the change note.

@semmle-qlci semmle-qlci merged commit e8e2f7b into github:master Nov 1, 2019
@max-schaefer max-schaefer deleted the js/indirect-command-argument-data-flow branch November 6, 2019 10:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants