@erik-krogh erik-krogh commented Feb 24, 2022

Gets a TN for CVE-2020-28503

Evaluation was uneventful. (Ignore the backref).

@github-actions github-actions bot added the JS label Feb 24, 2022
@erik-krogh erik-krogh marked this pull request as ready for review February 28, 2022 09:16
@erik-krogh erik-krogh requested a review from a team as a code owner February 28, 2022 09:16
@erik-krogh erik-krogh added the no-change-note-required This PR does not need a change note label Feb 28, 2022

kaeluka commented Apr 20, 2022

Gets a TN for GHSA-897m-rjf5-jp39

Which true negative is that?

or
// getALogicalAndOperand+(returnExpr) = guard.asExpr() and guardOutcome = true

Did you mean to remove this line?

|
// getALogicalOrOperand+(returnExpr) = guard.asExpr() and guardOutcome = false

Did you mean to remove this line?

erik-krogh commented Apr 20, 2022

Gets a TN for GHSA-897m-rjf5-jp39

Which true negative is that?

It's the js/prototype-polluting-assignment query.
We already got a TP on the vulnerable version, but we also got an FP on the fixed version.
With this change we now get a TN on the fix.

@erik-krogh erik-krogh requested a review from kaeluka April 25, 2022 20:56

@kaeluka kaeluka left a comment

LGTM! Thanks!

@erik-krogh erik-krogh merged commit 6738270 into github:main Apr 26, 2022