hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add additional Mongoose/MongoDB sinks

Browse Source
This commit is contained in:
Asger F
2018-10-10 10:11:18 +01:00
parent 8d8148d58e
commit 2a87d53db4
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
View File

@@ -62,9 +62,22 @@ private module MongoDB {
QueryCall() {
exists (string m | asExpr().(MethodCallExpr).calls(any(Collection c), m) |
m = "aggregate" and queryArgIdx = 0 or
m = "count" and queryArgIdx = 0 or
m = "deleteMany" and queryArgIdx = 0 or
m = "deleteOne" and queryArgIdx = 0 or
m = "distinct" and queryArgIdx = 1 or
m = "find" and queryArgIdx = 0
m = "find" and queryArgIdx = 0 or
m = "findOne" and queryArgIdx = 0 or
m = "findOneAndDelete" and queryArgIdx = 0 or
m = "findOneAndRemove" and queryArgIdx = 0 or
m = "findOneAndDelete" and queryArgIdx = 0 or
m = "findOneAndUpdate" and queryArgIdx = 0 or
m = "remove" and queryArgIdx = 0 or
m = "replaceOne" and queryArgIdx = 0 or
m = "update" and queryArgIdx = 0 or
m = "updateMany" and queryArgIdx = 0 or
m = "updateOne" and queryArgIdx = 0
)
}