RecursionError in _get_varname_value_from_context
Opened this issue · 0 comments
jndre commented
When parsing JS code that has some kind of recursion and includes a sink, the data flow analysis infinitely recurses until we receive RecursionError: maximum recursion depth exceeded
.
example for request highjacking:
<html>
<body>
<script>
let source = location.hash;
function foo(param, depth) {
if (depth > 10) {
fetch(param);
} else {
bar(param, depth + 1);
}
}
function bar(param, depth) {
foo(param, depth + 1);
}
foo(source, 0);
</script>
</body>
</html>
The recursion in the data flow analysis goes:
- _get_varname_value_from_context
- get_function_def_of_block_stmt
- check_if_function_has_param
- get_function_call_values_of_function_definitions
- _get_varname_value_from_context ...
This bug was triggered by some third-party library scripts