hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed libxmljs from being marked as sink for xml-bomb.

Browse Source
This commit is contained in:
Napalys Klicius
2025-07-15 08:27:56 +02:00
parent 19d6f665b4
commit 1851deb929
6 changed files with 11 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/lib/semmle/javascript/frameworks/XmlParsers.qll
View File

@@ -49,9 +49,7 @@ module XML {
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// internal entities are always resolved
kind = InternalEntity()
or
not kind = InternalEntity() and
// other entities are only resolved if the configuration option `noent` is set to `true`
exists(JS::Expr noent |
this.hasOptionArgument(1, "noent", noent) and
@@ -126,8 +124,9 @@ module XML {
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// entities are resolved by default
any()
// SAX parsers in libxmljs also inherit libxml2's protection against XML bombs
kind = ExternalEntity(_) or
kind = ParameterEntity(true)
}
override DataFlow::Node getAResult() {
@@ -149,8 +148,9 @@ module XML {
override JS::Expr getSourceArgument() { result = this.getArgument(0) }
override predicate resolvesEntities(EntityKind kind) {
// entities are resolved by default
any()
// SAX push parsers in libxmljs also inherit libxml2's protection against XML bombs
kind = ExternalEntity(_) or
kind = ParameterEntity(true)
}
override DataFlow::Node getAResult() {