JS: Block InsecureRandomness flow into test files

This commit is contained in:
Asger F
2024-11-01 10:30:24 +01:00
parent 80a5a5909e
commit 01669908f2


@@ -11,6 +11,7 @@ import javascript
private import semmle.javascript.security.SensitiveActions
import InsecureRandomnessCustomizations::InsecureRandomness
private import InsecureRandomnessCustomizations::InsecureRandomness as InsecureRandomness
private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles
/**
* A taint tracking configuration for random values that are not cryptographically secure.
@@ -20,7 +21,11 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate isBarrier(DataFlow::Node node) {
node instanceof Sanitizer
or
ClassifyFiles::isTestFile(node.getFile())
}
predicate isBarrierOut(DataFlow::Node node) {
// stop propagation at the sinks to avoid double reporting