hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 01:39:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: sharpen js/http-to-file-access

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-09-11 12:05:33 +02:00
parent f3de75ae07
commit 086c473c18
3 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/src/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll
View File

@@ -24,10 +24,22 @@ module HttpToFileAccess {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of remote user input, considered as a flow source for writing user-controlled data to files. */
class RemoteFlowSourceAsSource extends Source {
deprecated class RemoteFlowSourceAsSource extends DataFlow::Node {
RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
}
/**
* An access to a user-controlled HTTP request input, considered as a flow source for writing user-controlled data to files
*/
private class RequestInputAccessAsSource extends Source {
RequestInputAccessAsSource() { this instanceof HTTP::RequestInputAccess }
}
/** A response from a server, considered as a flow source for writing user-controlled data to files. */
private class ServerResponseAsSource extends Source {
ServerResponseAsSource() { this = any(ClientRequest r).getAResponseDataNode() }
}
/** A sink that represents file access method (write, append) argument */
class FileAccessAsSink extends Sink {
FileAccessAsSink() { exists(FileSystemWriteAccess src | this = src.getADataNode()) }