Merge pull request #18740 from asgerf/js/more-precise-diff-informed

JS: Provide more precise related locations
github · Feb 17, 2025 · 0ca9b22 · 0ca9b22
2 parents 3644de0 + 7e3f898
commit 0ca9b22
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
@@ -29,8 +29,6 @@ module PolynomialReDoSConfig implements DataFlow::ConfigSig {
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
-    result = sink.(Sink).getLocation()
-    or
     result = sink.(Sink).getHighlight().getLocation()
     or
     result = sink.(Sink).getRegExp().getLocation()

diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll
@@ -29,6 +29,10 @@ module SsrfConfig implements DataFlow::ConfigSig {
 
   predicate isBarrierOut(DataFlow::Node node) { strictSanitizingPrefixEdge(node, _) }
 
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    none() // Does not select the source
+  }
+
   predicate observeDiffInformedIncrementalMode() { any() }
 }