From 0751ef5c72080d7dd29fc065de8fc7efcb4bc707 Mon Sep 17 00:00:00 2001
From: Asger F <asgerf@github.com>
Date: Thu, 13 Jun 2024 09:33:06 +0200
Subject: [PATCH] JS: Use HTTP responses as taint sources

---
 .../javascript/security/dataflow/RemoteFlowSources.qll   | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
index bb60b5bc23e..44b5316754a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -177,3 +177,12 @@ private class ExternalRemoteFlowSource extends RemoteFlowSource {
 
   override string getSourceType() { result = ap.getSourceType() }
 }
+
+/**
+ * A response from an outgoing network request.
+ */
+private class ResponseSource extends RemoteFlowSource {
+  ResponseSource() { this = any(ClientRequest r).getAResponseDataNode() }
+
+  override string getSourceType() { result = "a response from a remote server" }
+}