Fix nonHtmlContentType.

Max Schaefer · Max Schaefer · commit e7095baa391b · 2020-05-27T16:52:11.000+01:00
diff --git a/ql/src/semmle/go/security/ReflectedXssCustomizations.qll b/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
@@ -75,7 +75,7 @@ module ReflectedXss {
         pred.getStringValue().regexpMatch("^[^<].*")
         or
         // json data cannot begin with `<`
-        pred = any(EncodingJson::MarshalFunction mf).getOutput().getExitNode(_)
+        exists(EncodingJson::MarshalFunction mf | pred = mf.getOutput().getNode(mf.getACall()))
       )
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ module ReflectedXss {`
`75`	`75`	`pred.getStringValue().regexpMatch("^[^<].*")`
`76`	`76`	`or`
`77`	`77`	// json data cannot begin with `<`
`78`		`- pred = any(EncodingJson::MarshalFunction mf).getOutput().getExitNode(_)`
	`78`	`+ exists(EncodingJson::MarshalFunction mf \| pred = mf.getOutput().getNode(mf.getACall()))`
`79`	`79`	`)`
`80`	`80`	`)`
`81`	`81`	`}`