From 11d6259dbfdb4ddf896d09149e83779930525463 Mon Sep 17 00:00:00 2001 
From: Max Schaefer
Date: Thu, 8 Nov 2018 13:09:54 +0000
Subject: [PATCH] JavaScript: Move from `Node` to `PathNode`.
---
 javascript/ql/src/Security/CWE-022/TaintedPath.ql | 6 +++---
 javascript/ql/src/Security/CWE-078/CommandInjection.ql | 10 +++++-----
 javascript/ql/src/Security/CWE-079/ReflectedXss.ql | 6 +++---
 javascript/ql/src/Security/CWE-079/StoredXss.ql | 6 +++---
 javascript/ql/src/Security/CWE-079/Xss.ql | 6 +++---
 javascript/ql/src/Security/CWE-089/SqlInjection.ql | 6 +++---
 javascript/ql/src/Security/CWE-094/CodeInjection.ql | 6 +++---
 .../ql/src/Security/CWE-134/TaintedFormatString.ql | 6 +++---
 javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql | 6 +++---
 .../ql/src/Security/CWE-209/StackTraceExposure.ql | 6 +++---
 javascript/ql/src/Security/CWE-312/CleartextLogging.ql | 8 ++++----
 javascript/ql/src/Security/CWE-312/CleartextStorage.ql | 6 +++---
 .../ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql | 6 +++---
 .../ql/src/Security/CWE-338/InsecureRandomness.ql | 6 +++---
 .../CWE-346/CorsMisconfigurationForCredentials.ql | 6 +++---
 .../ql/src/Security/CWE-400/RemotePropertyInjection.ql | 6 +++---
 .../ql/src/Security/CWE-502/UnsafeDeserialization.ql | 6 +++---
 .../ql/src/Security/CWE-601/ClientSideUrlRedirect.ql | 6 +++---
 .../ql/src/Security/CWE-601/ServerSideUrlRedirect.ql | 6 +++---
 javascript/ql/src/Security/CWE-611/Xxe.ql | 6 +++---
 .../CWE-640/HostHeaderPoisoningInEmailGeneration.ql | 6 +++---
 javascript/ql/src/Security/CWE-643/XpathInjection.ql | 6 +++---
 javascript/ql/src/Security/CWE-730/RegExpInjection.ql | 6 +++---
 javascript/ql/src/Security/CWE-776/XmlBomb.ql | 6 +++---
 .../ql/src/Security/CWE-798/HardcodedCredentials.ql | 10 +++++-----
 .../CWE-843/TypeConfusionThroughParameterTampering.ql | 6 +++---
 javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql | 6 +++---
 .../src/Security/CWE-916/InsufficientPasswordHash.ql | 6 +++---
 javascript/ql/src/Security/CWE-918/RequestForgery.ql | 8 ++++----
 29 files changed, 93 insertions(+), 93
deletions(-)
diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
index 3bc77a53548..ddaf8ff3e96 100644
--- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -18,6 +18,6 @@ import javascript
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "This path depends on $@.", source, "a user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "This path depends on $@.", source, "a user-provided value"
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
index 2cb33c1ebdb..055d0b1cc1e 100644
--- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -16,10 +16,10 @@ import javascript
 import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
-where cfg.hasFlow(source, sink) and
- if cfg.isSinkWithHighlight(sink, _) then
- cfg.isSinkWithHighlight(sink, highlight)
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight
+where cfg.hasPathFlow(source, sink) and
+ if cfg.isSinkWithHighlight(sink.getNode(), _) then
+ cfg.isSinkWithHighlight(sink.getNode(), highlight)
 else
- highlight = sink
+ highlight = sink.getNode()
 select highlight, "This command depends on $@.", source, "a user-provided value"
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
index e5879a6301f..3ea49de54dc 100644
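Review bot: In CommandInjection.ql's where clause `sink.getNode()` is now unwrapped three times: in the `if` condition and in both branches. Binding the node once keeps the highlight logic readable and makes it harder for a later edit to unwrap only some of the uses. Add `DataFlow::Node sinkNode` to the `from` clause and `sinkNode = sink.getNode()` to the `where` clause, then pass `sinkNode` to `isSinkWithHighlight` and write `highlight = sinkNode`.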
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Cross-site scripting vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Cross-site scripting vulnerability due to $@.",
 source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql
index cde3fb7ba72..5ac97e1ede3 100644
--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Stored cross-site scripting vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Stored cross-site scripting vulnerability due to $@.",
 source, "stored value"
diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql
index 26c21f580aa..238e0a87635 100644
--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, sink.(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
 source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
index 73f836adaa2..1ebd0176346 100644
--- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -15,8 +15,8 @@ import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
 import DataFlow::PathGraph
 
-from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where (cfg instanceof SqlInjection::Configuration or
 cfg instanceof NosqlInjection::Configuration) and
- cfg.hasFlow(source, sink)
-select sink, "This query depends on $@.", source, "a user-provided value"
+ cfg.hasPathFlow(source, sink)
+select sink.getNode(), "This query depends on $@.", source, "a user-provided value"
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
index 1b02623d0c7..1983395d2d0 100644
--- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -16,6 +16,6 @@ import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows to here and is interpreted as code.", source, "User-provided value"
diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
index c1bc1dd0dbf..e5b1a63d1c8 100644
--- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -13,6 +13,6 @@ import javascript
 import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows here and is used in a format string.", source, "User-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows here and is used in a format string.", source, "User-provided value"
diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
index 649b09a447b..625db04eb8e 100644
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -12,6 +12,6 @@ import javascript
 import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow (source, sink)
-select sink, "$@ flows directly to outbound network request", source, "File data"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows directly to outbound network request", source, "File data"
diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
index 29acb9f36fe..9e82e67b143 100644
--- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.StackTraceExposure::StackTraceExposure
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Stack trace information from $@ may be exposed to an external user here.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Stack trace information from $@ may be exposed to an external user here.",
 source, "here"
diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
index f1bcf19faf9..823f01f4b02 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -32,8 +32,8 @@ predicate inBrowserEnvironment(TopLevel tl) {
 )
 }
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink) and
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink) and
 // ignore logging to the browser console (even though it is not a good practice)
- not inBrowserEnvironment(sink.asExpr().getTopLevel())
-select sink, "Sensitive data returned by $@ is logged here.", source, source.(Source).describe()
+ not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel())
+select sink.getNode(), "Sensitive data returned by $@ is logged here.", source, source.getNode().(Source).describe()
diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
index 76545de3b20..56b4b267437 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -16,6 +16,6 @@ import javascript
 import semmle.javascript.security.dataflow.CleartextStorage::CleartextStorage
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Sensitive data returned by $@ is stored here.", source, source.(Source).describe()
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Sensitive data returned by $@ is stored here.", source, source.getNode().(Source).describe()
diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
index 18f712f1528..9fdf0e96df6 100644
--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -14,7 +14,7 @@ import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm::BrokenCryptoAl
 import semmle.javascript.security.SensitiveActions
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink) and
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink) and
 not source.asExpr() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash
-select sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.(Source).describe()
+select sink.getNode(), "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.(Source).describe()
diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
index b415acb3a92..6d6720c6519 100644
--- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -14,6 +14,6 @@ import javascript
 import semmle.javascript.security.dataflow.InsecureRandomness::InsecureRandomness
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Cryptographically insecure $@ in a security context.", source, "random value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Cryptographically insecure $@ in a security context.", source, "random value"
diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
index 9b18c2bf239..78c0e13a3c7 100644
--- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
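Review bot: In BrokenCryptoAlgorithm.ql `source` is now a `DataFlow::PathNode`, but the unchanged context line `not source.asExpr() instanceof CleartextPasswordExpr` and the tail of the new select, `source.(Source).describe()`, still treat it as a `DataFlow::Node`. The other converted queries unwrap first (CleartextLogging.ql uses `source.getNode().(Source).describe()`), so this one presumably either fails to compile or, if the cast is accepted, never matches, leaving the weak-crypto query reporting nothing. `PathNode`'s definition is not visible here, so confirm which. Suggested: `not source.getNode().asExpr() instanceof CleartextPasswordExpr` and `source.getNode().(Source).describe()`. The same leftover appears in CorsMisconfigurationForCredentials.ql (`sink.(Sink).getCredentialsHeader()`, a context line), RemotePropertyInjection.ql (`sink.(Sink).getMessage()`) and InsufficientPasswordHash.ql (`source.(Source).describe()`).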
@@ -15,8 +15,8 @@ import javascript
 import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentials::CorsMisconfigurationForCredentials
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ leak vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ leak vulnerability due to $@.",
 sink.(Sink).getCredentialsHeader(), "Credential",
 source, "a misconfigured CORS header value"
diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
index 78d3cb7d938..c4f27c2bfc1 100644
--- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
@@ -16,7 +16,7 @@ import javascript
 import semmle.javascript.security.dataflow.RemotePropertyInjection::RemotePropertyInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "A $@ is used as" + sink.(Sink).getMessage(),
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "A $@ is used as" + sink.(Sink).getMessage(),
 source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
index 2d5e30c74f4..f72d04233c5 100644
--- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -14,6 +14,6 @@ import javascript
 import semmle.javascript.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Unsafe deserialization of $@.", source, "user input"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Unsafe deserialization of $@.", source, "user input"
diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
index 8272abab0f0..02ebbbd3372 100644
--- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
@@ -16,6 +16,6 @@ import javascript
 import semmle.javascript.security.dataflow.ClientSideUrlRedirect::ClientSideUrlRedirect
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Untrusted URL redirection due to $@.", source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
index 42cdddc46de..7eb22e12eb9 100644
--- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
@@ -14,6 +14,6 @@ import javascript
 import semmle.javascript.security.dataflow.ServerSideUrlRedirect::ServerSideUrlRedirect
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Untrusted URL redirection due to $@.", source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql
index 5ebbf33a1a9..ef88aeaeaaa 100644
--- a/javascript/ql/src/Security/CWE-611/Xxe.ql
+++ b/javascript/ql/src/Security/CWE-611/Xxe.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.Xxe::Xxe
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "A $@ is parsed as XML without guarding against external entity expansion.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "A $@ is parsed as XML without guarding against external entity expansion.",
 source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
index 4af6c22cd70..aae8e42bade 100644
--- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
@@ -14,6 +14,6 @@ import javascript
 import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGeneration::HostHeaderPoisoningInEmailGeneration
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Links in this email can be hijacked by poisoning the HTTP host header $@.", source, "here"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Links in this email can be hijacked by poisoning the HTTP host header $@.", source, "here"
diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
index 904c8149ab3..2d56505efff 100644
--- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql
+++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
@@ -14,6 +14,6 @@ import javascript
 import semmle.javascript.security.dataflow.XpathInjection::XpathInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows here and is used in an XPath expression.", source, "User-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows here and is used in an XPath expression.", source, "User-provided value"
diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
index 57127778cd6..27e482596b1 100644
--- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
@@ -16,6 +16,6 @@ import javascript
 import semmle.javascript.security.dataflow.RegExpInjection::RegExpInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "This regular expression is constructed from a $@.", source, "user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "This regular expression is constructed from a $@.", source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
index a0c9020a5f4..fcff0c764c4 100644
--- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.XmlBomb::XmlBomb
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "A $@ is parsed as XML without guarding against uncontrolled entity expansion.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "A $@ is parsed as XML without guarding against uncontrolled entity expansion.",
 source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
index 3d21115fd07..c29fd9d1b60 100644
--- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -16,11 +16,11 @@ import javascript
 private import semmle.javascript.security.dataflow.HardcodedCredentials::HardcodedCredentials
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string value
-where cfg.hasFlow(source, sink) and
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value
+where cfg.hasPathFlow(source, sink) and
 // use source value in message if it's available
- if source.asExpr() instanceof ConstantString then
- value = "The hard-coded value \"" + source.asExpr().(ConstantString).getStringValue() + "\""
+ if source.getNode().asExpr() instanceof ConstantString then
+ value = "The hard-coded value \"" + source.getNode().asExpr().(ConstantString).getStringValue() + "\""
 else
 value = "This hard-coded value"
-select source, value + " is used as $@.", sink, sink.(Sink).getKind()
+select source.getNode(), value + " is used as $@.", sink, sink.getNode().(Sink).getKind()
diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
index f9403c65238..3e9f6e018bd 100644
--- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
@@ -13,6 +13,6 @@ import javascript
 import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTampering::TypeConfusionThroughParameterTampering
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Potential type confusion for $@.", source, "HTTP request parameter"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Potential type confusion for $@.", source, "HTTP request parameter"
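Review bot: HardcodedCredentials.ql anchors the alert on `source.getNode()` and links the sink through `$@`, the reverse of the sink-anchored queries in this commit, and nothing in the hunk says that this is deliberate. A one-line comment above the select, e.g. `// report at the hard-coded value; the use (sink) is the linked location`, would keep a later bulk edit from changing it to `sink.getNode()`. `source.getNode().asExpr()` is also written out twice in the if/then branch, which is only a readability point.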
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
index 1eb21eb7c76..e4aff3fc8d6 100644
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -12,6 +12,6 @@ import javascript
 import semmle.javascript.security.dataflow.HttpToFileAccess::HttpToFileAccess
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows to file system", source, "Untrusted data"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows to file system", source, "Untrusted data"
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
index b209a6c5831..ba729c28a73 100644
--- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
@@ -13,6 +13,6 @@ import javascript
 import semmle.javascript.security.dataflow.InsufficientPasswordHash::InsufficientPasswordHash
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Password from $@ is hashed insecurely.", source , source.(Source).describe()
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Password from $@ is hashed insecurely.", source , source.(Source).describe()
diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
index 81d6e83a32e..831fb652292 100644
--- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
@@ -13,7 +13,7 @@ import javascript
 import semmle.javascript.security.dataflow.RequestForgery::RequestForgery
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node request
-where cfg.hasFlow(source, sink) and
- request = sink.getARequest()
-select request, "The $@ of this request depends on $@.", sink, sink.(Sink).getKind(), source, "a user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request
+where cfg.hasPathFlow(source, sink) and
+ request = sink.getNode().(Sink).getARequest()
+select request, "The $@ of this request depends on $@.", sink, sink.getNode().(Sink).getKind(), source, "a user-provided value"