You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"Client-side URL redirect","Client-side URL redirection based on unvalidated user input may cause redirection to malicious web sites.","error","Untrusted URL redirection depends on a [[""user-provided value""|""relative:https:///source.js:2:11:2:30""]].
Untrusted URL redirection depends on a [[""user-provided value""|""relative:https:///source.js:2:11:2:25""]].","/main.js","5","26","5","26"
Is there an issue? Since the part of code (() => {})() which seems irrelevant to the vulnerability to me affects the query result.
The version of the codeql that I use:
CodeQL command-line toolchain release 2.18.3.
Copyright (C) 2019-2024 GitHub, Inc.
Unpacked in: ...
Analysis results depend critically on separately distributed query and
extractor modules. To list modules that are visible to the toolchain,
use 'codeql resolve qlpacks' and 'codeql resolve languages'.
Thanks, but are you sure the pr can fix that? I switched the "js/top-level-comma" branch, checked the updated code exists, and rerun the command it didn't work. Did I miss any command? The file you modified is a java file maybe I need to clean up the built artifact somewhere and rebuild the extractor?
Yes, the extractor needs to be rebuilt and the database needs to be extracted with the new extractor, so simply checking out the branch won't be enough. Unfortunately it requires internal access to build the extractor so you'll have to wait for the fix.
The problem is when I scan these files of code:
./main.js:
./source.js:
CodeQL doesn't report any vulnerability but if I comment the first line of main.js, like:
It detected one, which is:
Is there an issue? Since the part of code
(() => {})()
which seems irrelevant to the vulnerability to me affects the query result.The version of the codeql that I use:
And here is the command I use:
The text was updated successfully, but these errors were encountered: