JS: Use HTTP responses as taint sources

2026-05-18 21:27:08 +02:00 · 2024-06-13 09:33:06 +02:00
parent d88c498d49
commit 0751ef5c72
1 changed files with 9 additions and 0 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -177,3 +177,12 @@ private class ExternalRemoteFlowSource extends RemoteFlowSource {

  override string getSourceType() { result = ap.getSourceType() }
 }
+
+/**
+ * A response from an outgoing network request.
+ */
+private class ResponseSource extends RemoteFlowSource {
+  ResponseSource() { this = any(ClientRequest r).getAResponseDataNode() }
+
+  override string getSourceType() { result = "a response from a remote server" }
+}