ci: update sus stub

damyanpetev · damyanpetev · commit 0edf0b27aa56 · 2026-03-06T14:05:57.000+02:00
diff --git a/.github/codeql/custom-queries-javascript/ShellSanitizer.ql b/.github/codeql/custom-queries-javascript/ShellSanitizer.ql
@@ -9,9 +9,9 @@ module UtilSanitizerConfig implements DataFlow::ConfigSig {
 	predicate isBarrier(DataFlow::Node nd) {
 		nd.(DataFlow::CallNode).getCalleeName() = "sanitizeShellArg"
 	}
-	/** Minimal stubs required by ConfigSig (false should be no extra action). */
-	predicate isSource(DataFlow::Node n) { false }
-	predicate isSink(DataFlow::Node n) { false }
+	/** Minimal stubs required by ConfigSig */
+	predicate isSource(DataFlow::Node n) { n = n }
+	predicate isSink(DataFlow::Node n) { n = n }
 }
 
 module UtilSanitizerConfigFlow = TaintTracking::Global<UtilSanitizerConfig>;

Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,9 @@ module UtilSanitizerConfig implements DataFlow::ConfigSig {`
`9`	`9`	`predicate isBarrier(DataFlow::Node nd) {`
`10`	`10`	`nd.(DataFlow::CallNode).getCalleeName() = "sanitizeShellArg"`
`11`	`11`	`}`
`12`		`- /** Minimal stubs required by ConfigSig (false should be no extra action). */`
`13`		`- predicate isSource(DataFlow::Node n) { false }`
`14`		`- predicate isSink(DataFlow::Node n) { false }`
	`12`	`+ /** Minimal stubs required by ConfigSig */`
	`13`	`+ predicate isSource(DataFlow::Node n) { n = n }`
	`14`	`+ predicate isSink(DataFlow::Node n) { n = n }`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`module UtilSanitizerConfigFlow = TaintTracking::Global<UtilSanitizerConfig>;`