hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port CommandInjection

Browse Source
This commit is contained in:
Asger F
2023-10-04 21:11:54 +02:00
parent ccd6d3dcd7
commit 17233a6749
3 changed files with 181 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/src/Security/CWE-078/CommandInjection.ql
View File

@@ -15,16 +15,16 @@
import javascript
import semmle.javascript.security.dataflow.CommandInjectionQuery
import DataFlow::PathGraph
import CommandInjectionFlow::PathGraph
from
Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight,
Source sourceNode
CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink,
DataFlow::Node highlight, Source sourceNode
where
cfg.hasFlowPath(source, sink) and
CommandInjectionFlow::flowPath(source, sink) and
(
if cfg.isSinkWithHighlight(sink.getNode(), _)
then cfg.isSinkWithHighlight(sink.getNode(), highlight)
if isSinkWithHighlight(sink.getNode(), _)
then isSinkWithHighlight(sink.getNode(), highlight)
else highlight = sink.getNode()
) and
sourceNode = source.getNode()