mirror of
https://github.com/hohn/codeql-javascript-multiflow.git
synced 2025-12-16 20:03:04 +01:00
39 lines
1.1 KiB
Plaintext
39 lines
1.1 KiB
Plaintext
import javascript
|
|
|
|
// Ultimate source
|
|
// ----------------
|
|
// var line = stdinBuffer.toString();
|
|
predicate uSource(MethodCallExpr sbts) {
|
|
// sbts.getReceiver().(DotExpr).getPropertyNameExpr().(Identifier).getName() = "toString"
|
|
sbts.getMethodName().matches("%toString%")
|
|
}
|
|
|
|
// Ultimate sink
|
|
// ----------------
|
|
// db.exec(query);
|
|
|
|
// Intermediate flow sink
|
|
// ------------------------
|
|
// Connect
|
|
// const db = new sqlite3.Database(
|
|
// to its use
|
|
// db.exec(query);
|
|
//
|
|
// class IntermediateSink extends DataFlow::Configuration {
|
|
// IntermediateSink() { this = "IntermediateSink" }
|
|
|
|
// override predicate isSource(DataFlow::Node nd) {
|
|
// exists(JsonParserCall jpc | nd = jpc.getOutput())
|
|
// }
|
|
|
|
// override predicate isSink(DataFlow::Node nd) { exists(DataFlow::PropRef pr | nd = pr.getBase()) }
|
|
// }
|
|
|
|
// from IntermediateSink cfg, DataFlow::Node source, DataFlow::Node sink
|
|
// where cfg.hasFlow(source, sink)
|
|
// select sink, "Property access on JSON value originating $@.", source, "here"
|
|
|
|
from MethodCallExpr sbts
|
|
where uSource(sbts)
|
|
select sbts
|