hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Mass rename to node1,state1,node2,state2 naming convention

Browse Source
This commit is contained in:
Asger F
2024-12-13 14:57:05 +01:00
parent ac6da6c2b1
commit 079294e55f
34 changed files with 220 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
View File

@@ -65,27 +65,27 @@ module CodeInjectionConfig implements DataFlow::StateConfigSig {
}
}
predicate isSource(DataFlow::Node source, FlowState label) {
source instanceof ActiveThreatModelSource and label = TTaint()
predicate isSource(DataFlow::Node source, FlowState state) {
source instanceof ActiveThreatModelSource and state = TTaint()
}
predicate isSink(DataFlow::Node sink) { sink instanceof DynamicImport }
predicate isSink(DataFlow::Node sink, FlowState label) {
sink instanceof WorkerThreads and label = TUrlConstructor()
predicate isSink(DataFlow::Node sink, FlowState state) {
sink instanceof WorkerThreads and state = TUrlConstructor()
}
predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
predicate isAdditionalFlowStep(
DataFlow::Node pred, FlowState predlbl, DataFlow::Node succ, FlowState succlbl
DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
) {
exists(DataFlow::NewNode newUrl | succ = newUrl |
exists(DataFlow::NewNode newUrl | node2 = newUrl |
newUrl = DataFlow::globalVarRef("URL").getAnInstantiation() and
pred = newUrl.getArgument(0)
node1 = newUrl.getArgument(0)
) and
predlbl = TTaint() and
succlbl = TUrlConstructor()
state1 = TTaint() and
state2 = TUrlConstructor()
}
}

10
javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
View File

@@ -21,15 +21,15 @@ module EnvValueAndKeyInjectionConfig implements DataFlow::ConfigSig {
sink = valueOfEnv()
}
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(DataFlow::InvokeNode ikn |
ikn = DataFlow::globalVarRef("Object").getAMemberInvocation("keys")
|
pred = ikn.getArgument(0) and
node1 = ikn.getArgument(0) and
(
succ = ikn.getAChainedMethodCall(["filter", "map"]) or
succ = ikn or
succ = ikn.getAChainedMethodCall("forEach").getABoundCallbackParameter(0, 0)
node2 = ikn.getAChainedMethodCall(["filter", "map"]) or
node2 = ikn or
node2 = ikn.getAChainedMethodCall("forEach").getABoundCallbackParameter(0, 0)
)
)
}

4
javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql
View File

@@ -19,9 +19,9 @@ module DecompressionBombConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink }
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(DecompressionBomb::AdditionalTaintStep addstep |
addstep.isAdditionalTaintStep(pred, succ)
addstep.isAdditionalTaintStep(node1, node2)
)
}
}