Skip to content

Commit a11d07c

Browse files
authored
Fix for Superfluous trailing arguments (#6)
To fix this, update the call to `isDocumentWrite` so it matches the function’s expected arity by removing the extra trailing `checker` argument. Best single fix without changing functionality: - In `internal/codeguard/checks/support/typescript_semantic_runner.js`, inside `analyzeCallExpression` around line 923, change: - `isDocumentWrite(node.expression, checker)` - to `isDocumentWrite(node.expression)` This preserves runtime behavior (since extra args were ignored) while resolving the CodeQL issue and improving call clarity. No imports, new methods, or definitions are needed. _Suggested fixes powered by Copilot Autofix. Review carefully before merging._
2 parents 6582b21 + 8e8e10b commit a11d07c

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

internal/codeguard/checks/support/typescript_semantic_runner.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -920,7 +920,7 @@ function analyzeCallExpression(node, sourceFile, relPath, flavor, bindings, chec
920920
pushFinding("security", sourceFile, relPath, flavor, rule(flavor, "security.typescript.vm-dynamic-code", "security.javascript.vm-dynamic-code"), "warn", "Node vm dynamic code execution should be reviewed", node.expression.getStart(sourceFile));
921921
}
922922

923-
if (isInsertAdjacentHTML(node.expression) || isDocumentWrite(node.expression, checker)) {
923+
if (isInsertAdjacentHTML(node.expression) || isDocumentWrite(node.expression)) {
924924
pushFinding("security", sourceFile, relPath, flavor, rule(flavor, "security.typescript.unsafe-html-sink", "security.javascript.unsafe-html-sink"), "warn", "unsafe HTML injection sink should be reviewed", node.expression.getStart(sourceFile));
925925
}
926926

0 commit comments

Comments
 (0)