make ATM anti sink model for dojo.require

Esben Sparre Andreasen
2021-12-08 14:36:51 +01:00
parent 9ffc02944d
commit 13288be7fc
2 changed files with 11 additions and 1 deletions


@@ -209,6 +209,9 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
call.getCalleeName() = "next" and
exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall()) and
reason instanceof NextFunctionCallReason
or
call = DataFlow::globalVarRef("dojo").getAPropertyRead("require").getACall() and
reason instanceof DojoRequireReason
)
or
(exists(Base64::Decode d | n = d.getInput()) or exists(Base64::Encode d | n = d.getInput())) and
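Review bot: The new `dojo.require` disjunct filters every argument of the call unconditionally, so a module id computed at runtime is dropped from endpoint scoring just like a string literal. Because `dojo.require` loads code by module id, a non-constant argument is arguably the one case worth keeping as a candidate; if the goal is only to silence literal ids, consider adding `exists(n.getStringValue())` to the disjunct, assuming `n` is bound to the call's argument above the hunk. The match is also tied to `DataFlow::globalVarRef("dojo")`, so an aliased or module-imported `dojo` object is presumably not covered. Whichever way that is decided, a comment such as `// dojo.require takes a module id, not data; its arguments are treated as non-sinks` would record the reasoning. The predicate body starts and ends outside the hunk.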


@@ -31,7 +31,8 @@ newtype TFilteringReason =
TConstantReceiverReason() or
TBuiltinCallNameReason() or
TBase64ManipulationReason() or
TJQueryArgumentReason()
TJQueryArgumentReason() or
TDojoRequireReason()
/** A reason why a particular endpoint was filtered out by the endpoint filters. */
abstract class FilteringReason extends TFilteringReason {
@@ -208,3 +209,9 @@ class JQueryArgumentReason extends NotASinkReason, TJQueryArgumentReason {
override int getEncoding() { result = 29 }
}
class DojoRequireReason extends NotASinkReason, TDojoRequireReason {
override string getDescription() { result = "DojoRequire" }
override int getEncoding() { result = 30 }
}
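Review bot: `DojoRequireReason` is added without a QLDoc comment, and its `getEncoding()` result of 30 is a bare literal whose uniqueness can only be checked by reading every other reason class. I would put `/** The endpoint is an argument to a call to dojo.require. */` above the class so it matches the documented `FilteringReason` base. If the encodings are consumed outside this file, which is not visible here, a one-line comment that 30 must not be reused or renumbered would protect that mapping from later edits.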