hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update two more uses of SanitizerGuardNode

Browse Source
This commit is contained in:
Asger F
2024-11-29 10:08:46 +01:00
parent 62c17d3f4e
commit 0d79c7141c
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll
View File

@@ -70,10 +70,11 @@ deprecated class Configuration extends TaintTracking::Configuration {
* A call to a function called `isLocalUrl` or similar, which is
* considered to sanitize a variable for purposes of URL redirection.
*/
class LocalUrlSanitizingGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode {
class LocalUrlSanitizingGuard extends DataFlow::CallNode {
LocalUrlSanitizingGuard() { this.getCalleeName().regexpMatch("(?i)(is_?)?local_?url") }
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** DEPRECATED. Use `blocksExpr` instead. */
deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */
predicate blocksExpr(boolean outcome, Expr e) {
@@ -81,3 +82,10 @@ class LocalUrlSanitizingGuard extends TaintTracking::SanitizerGuardNode, DataFlo
outcome = true
}
}
deprecated private class LocalUrlSanitizingGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof LocalUrlSanitizingGuard
{
override predicate sanitizes(boolean outcome, Expr e) {
LocalUrlSanitizingGuard.super.sanitizes(outcome, e)
}
}

12
javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll
View File

@@ -100,10 +100,11 @@ predicate hostnameSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sin
/**
* A check that sanitizes the hostname of a URL.
*/
class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith {
class HostnameSanitizerGuard extends StringOps::StartsWith {
HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) }
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** DEPRECATED. Use `blocksExpr` instead. */
deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */
predicate blocksExpr(boolean outcome, Expr e) {
@@ -112,6 +113,13 @@ class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOp
}
}
deprecated private class HostnameSanitizerGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof HostnameSanitizerGuard
{
override predicate sanitizes(boolean outcome, Expr e) {
HostnameSanitizerGuard.super.sanitizes(outcome, e)
}
}
/**
* A check that sanitizes the hostname of a URL.
*/