hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Add support for annotation comments specifying additional sources and sinks.

Browse Source
This commit is contained in:
Max Schaefer
2018-11-08 10:27:28 +00:00
parent bdf29d010a
commit 132570940a
7 changed files with 101 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/Summaries/ExtractSinkSummaries.expected
View File

@@ -8,6 +8,7 @@
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | data | InsufficientPasswordHash |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | taint | CodeInjection |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) hashPass) 0) | taint | InsufficientPasswordHash |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) mkdirp) 0) | taint | TaintedPath |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | data | CodeInjection |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | data | CommandInjection |
| (parameter (member (root https://www.npmjs.com/package/infer-sources) multiple) 0) | taint | CodeInjection |

7
javascript/ql/test/query-tests/Security/Summaries/index.js
View File

@@ -161,6 +161,10 @@ function h(y) {
return y;
}
function mkdirp(path) {
path /* Semmle: sink: taint, TaintedPath */
}
module.exports = {
codeInjection: codeInjection,
commandInjection: commandInjection,
@@ -183,5 +187,6 @@ module.exports = {
notACookieSource: notACookieSource,
invoke: invoke,
g: g,
h: h
h: h,
mkdirp: mkdirp
}