JS: sharpen js/http-to-file-access

javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql

@@ -1,6 +1,6 @@
 /**
- * @name User-controlled data written to file
- * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
+ * @name Network data written to file
+ * @description Writing network data directly to the file system allows arbitrary file upload and might indicate a backdoor.
  * @kind path-problem
  * @problem.severity warning
  * @precision medium

javascript/ql/src/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll

@@ -24,10 +24,22 @@ module HttpToFileAccess {
   abstract class Sanitizer extends DataFlow::Node { }
 
   /** A source of remote user input, considered as a flow source for writing user-controlled data to files. */
-  class RemoteFlowSourceAsSource extends Source {
+  deprecated class RemoteFlowSourceAsSource extends DataFlow::Node {
     RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
   }
 
+  /**
+   * An access to a user-controlled HTTP request input, considered as a flow source for writing user-controlled data to files
+   */
+  private class RequestInputAccessAsSource extends Source {
+    RequestInputAccessAsSource() { this instanceof HTTP::RequestInputAccess }
+  }
+
+  /** A response from a server, considered as a flow source for writing user-controlled data to files. */
+  private class ServerResponseAsSource extends Source {
+    ServerResponseAsSource() { this = any(ClientRequest r).getAResponseDataNode() }
+  }
+
   /** A sink that represents file access method (write, append) argument */
   class FileAccessAsSink extends Sink {
     FileAccessAsSink() { exists(FileSystemWriteAccess src | this = src.getADataNode()) }