Fixes CodeQL issues (#4090)

2 years ago · 97c7fdb35c
parent be57cbf4ef
commit 97c7fdb35c
3 changed files with 11 additions and 6 deletions
--- a/build/importTypescript.ts
+++ b/build/importTypescript.ts
@ -37,10 +37,15 @@ export const typescriptVersion = "${typeScriptDependencyVersion}";\n`

 	let tsServices = fs.readFileSync(path.join(TYPESCRIPT_LIB_SOURCE, 'typescript.js')).toString();

-	tsServices = tsServices.replace(
-		'const path = matchedStar ? subst.replace("*", matchedStar) : subst;',
-		'const path = matchedStar ? subst.replace("*", matchedStar) : subst; // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
-	);
+	tsServices = tsServices
+		.replace(
+			'const path = matchedStar ? subst.replace("*", matchedStar) : subst;',
+			'const path = matchedStar ? subst.replace("*", matchedStar) : subst; // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
+		)
+		.replace(
+			'return key.replace("*", matchedStar);',
+			'return key.replace("*", matchedStar); // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler'
+		);

 	// The output from this build will only be accessible via ESM; rather than removing
 	// references to require/module, define them as dummy variables that bundlers will ignore.
--- a/src/language/typescript/lib/typescriptServices.js
+++ b/src/language/typescript/lib/typescriptServices.js
@ -44626,7 +44626,7 @@ ${lanes.join("\n")}
          for (const { ending, value } of candidates) {
            if (value.length >= prefix.length + suffix.length && startsWith(value, prefix) && endsWith(value, suffix) && validateEnding({ ending, value })) {
              const matchedStar = value.substring(prefix.length, value.length - suffix.length);
-              return key.replace("*", matchedStar);
+              return key.replace("*", matchedStar); // CodeQL [SM02383] This is a false positive, the code is from the TypeScript compiler
            }
          }
        } else if (some(candidates, (c) => c.ending !== 0 /* Minimal */ && pattern === c.value) || some(candidates, (c) => c.ending === 0 /* Minimal */ && pattern === c.value && validateEnding(c))) {
--- a/website/src/runner/index.ts
+++ b/website/src/runner/index.ts
@ -46,7 +46,7 @@ async function initialize(state: IPreviewState) {

 	const style = document.createElement("style");
 	style.id = "custom-style";
-	style.innerHTML = state.css;
+	style.innerHTML = state.css; // CodeQL [SM03712] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground.
 	document.body.appendChild(style);

 	document.body.innerHTML += state.html;