
Commit 8caaf8f

Merge pull request #4158 from RasmusWL/python-reformualte-js-team-comment
Python: Reformulate explanation of experience from JS
2 parents afe234d + 496d856 commit 8caaf8f

1 file changed

+2
-2
lines changed

python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll

Lines changed: 2 additions & 2 deletions
@@ -36,8 +36,8 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT
3636
* Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to concatenation.
3737
*
3838
* Note that since we cannot easily distinguish interesting types (like string, list, tuple),
39-
* we consider any `+` operation to propagate taint. After consulting with the JS team, this
40-
* doesn't sound like it is a big problem in practice.
39+
* we consider any `+` operation to propagate taint. This is what is done in the JS libraries,
40+
* and isn't a big problem in practice.
4141
*/
4242
predicate concatStep(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeTo) {
4343
exists(BinaryExprNode add | add = nodeTo.getNode() |
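Review bot: The reworded doc comment on `concatStep` now asserts that treating every `+` as a taint step "isn't a big problem in practice" as a flat fact, where the old text at least attributed it to a consultation with the JS team. A reader of the library has no way to check the claim or to know what the cost is. Consider stating the consequence explicitly, namely that `+` on non-sequence operands such as numbers also propagates taint and can produce false-positive flows, and naming the JS library predicate this mirrors so the precedent can be looked up. "This is what is done" is also ambiguous about its referent; "The JS libraries take the same approach" reads more clearly.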
