hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add model for multiparty

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-02-09 11:00:16 +01:00
parent 61b4ffec3d
commit 010d580f8e
3 changed files with 79 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
javascript/ql/src/semmle/javascript/frameworks/FormParsers.qll
View File

@@ -25,7 +25,7 @@ private module Busboy {
class BusBoyRemoteFlow extends RemoteFlowSource {
BusBoyRemoteFlow() { this = busboy().getAMemberCall("on").getABoundCallbackParameter(1, _) }
override string getSourceType() { result = "Busbuy parsed user value" }
override string getSourceType() { result = "parsed user value from Busbuy" }
}
}
@@ -48,5 +48,38 @@ private class FormidableRemoteFlow extends RemoteFlowSource {
)
}
override string getSourceType() { result = "Formidable parsed user value" }
override string getSourceType() { result = "parsed user value from Formidable" }
}
/**
* Predicates and classes modelling the `multiparty` library.
*/
private module Multiparty {
/**
* Gets an instance of of `Multiparty` form parser that parses a HTTP request object.
* The `parse` call is the method call that receives the HTTP request object.
*/
private DataFlow::SourceNode form(DataFlow::MethodCallNode parse) {
result = DataFlow::moduleMember("multiparty", "Form").getAnInstantiation() and
parse = result.getAMethodCall("parse") and
parse.getArgument(0).asExpr() instanceof HTTP::RequestExpr
}
/**
* A source of remote flow from the `Multiparty` library.
*/
class MultipartyRemoteFlow extends RemoteFlowSource {
MultipartyRemoteFlow() {
exists(DataFlow::MethodCallNode parse | exists(form(parse)) |
this = parse.getABoundCallbackParameter(1, any(int i | i > 0))
)
or
exists(DataFlow::MethodCallNode on | on = form(_).getAMethodCall("on") |
on.getArgument(0).mayHaveStringValue(["part", "file", "field"]) and
this = on.getABoundCallbackParameter(1, _)
)
}
override string getSourceType() { result = "parsed user value from Multiparty" }
}
}