Skip to content

JS: Recognize bound exported functions in js/shell-command-constructed-from-input#4868

Merged
codeql-ci merged 3 commits into
github:mainfrom
erik-krogh:boundShell
Dec 22, 2020
Merged

JS: Recognize bound exported functions in js/shell-command-constructed-from-input#4868
codeql-ci merged 3 commits into
github:mainfrom
erik-krogh:boundShell

Conversation

@erik-krogh
Copy link
Copy Markdown
Contributor

@erik-krogh erik-krogh commented Dec 22, 2020

And recognize the following pattern as a property-write:

Object.defineProperty(obj, "prop", {get: function() { 
  return x;
});

Gets a TP for CVE-2020-7789

@erik-krogh erik-krogh requested a review from a team as a code owner December 22, 2020 10:28
@github-actions github-actions Bot added the JS label Dec 22, 2020
@codeql-ci codeql-ci merged commit 2bb9636 into github:main Dec 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esbena esbena esbena approved these changes

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@erik-krogh @esbena @Deborah-Digges @codeql-ci