
Commit a7c5e84

committed
Expand ReplaceAll in sanitizer
1 parent c3fefa8 commit a7c5e84


1 file changed

+2
-9
lines changed


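--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -148,15 +148,8 @@ module TaintedPath {
 * A replacement of the form `!strings.ReplaceAll(nd, "..")` or `!strings.ReplaceAll(nd, ".")`, considered as a sanitizer for
 * path traversal.
 */
-class DotDotReplace extends Sanitizer {
-DotDotReplace() {
-exists(DataFlow::CallNode cleanCall, DataFlow::Node valueNode |
-cleanCall = any(Function f | f.hasQualifiedName("strings", "ReplaceAll")).getACall() and
-valueNode = cleanCall.getArgument(1) and
-valueNode.asExpr().(StringLit).getValue() = ["..", "."] and
-this = cleanCall.getResult()
-)
-}
+class DotDotReplaceAll extends StringOps::ReplaceAll, Sanitizer {
+DotDotReplaceAll() { this.getReplacedString() = ["..", "."] }
 }
 
 /**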
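Review bot: The doc comment above `DotDotReplaceAll` still describes only `strings.ReplaceAll(nd, "..")`, but the class now accepts every node that `StringOps::ReplaceAll` models, so the set of expressions treated as sanitized is wider than documented. Widening a sanitizer can only suppress path-traversal alerts, so the comment should state the new scope, e.g. `* Any replacement modelled by StringOps::ReplaceAll whose replaced string is ".." or ".", considered as a sanitizer for path traversal.` The characteristic predicate constrains only `getReplacedString()`; the replacement text is unchecked (as it was before this change), so a call that replaces the dots with something other than the empty string is still trusted, and that limitation deserves a sentence in the comment. If `DotDotReplace` is referenced outside this file, the rename also needs a deprecated alias; the enclosing `module TaintedPath` extends beyond the hunk, so this cannot be confirmed from here.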
