JS: split SqlInjection.qll

2026-04-28 18:25:24 +02:00 · 2019-07-04 09:25:34 +02:00
parent 2972c28e58
commit 2bb702ceea
2 changed files with 47 additions and 32 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll
@@ -1,28 +1,19 @@
 /**
- * Provides a taint tracking configuration for reasoning about SQL injection
- * vulnerabilities.
+ * Provides a taint tracking configuration for reasoning about SQL
+ * injection vulnerabilities
+ *
+ * Note, for performance reasons: only import this file if
+ * `SqlInjection::Configuration` is needed, otherwise
+ * `SqlInjectionCustomizations` should be imported instead.
 */

 import javascript

 module SqlInjection {
-  /**
-   * A data flow source for SQL-injection vulnerabilities.
-   */
-  abstract class Source extends DataFlow::Node { }
+  import SqlInjectionCustomizations::SqlInjection

  /**
-   * A data flow sink for SQL-injection vulnerabilities.
-   */
-  abstract class Sink extends DataFlow::Node { }
-
-  /**
-   * A sanitizer for SQL-injection vulnerabilities.
-   */
-  abstract class Sanitizer extends DataFlow::Node { }
-
-  /**
-   * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities.
+   * A taint-tracking configuration for reasoning about SQL injection vulnerabilities.
   */
  class Configuration extends TaintTracking::Configuration {
    Configuration() { this = "SqlInjection" }
@@ -36,19 +27,4 @@ module SqlInjection {
      node instanceof Sanitizer
    }
  }
-
-  /** A source of remote user input, considered as a flow source for SQL injection. */
-  class RemoteFlowSourceAsSource extends Source {
-    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
-  }
-
-  /** An SQL expression passed to an API call that executes SQL. */
-  class SqlInjectionExprSink extends Sink, DataFlow::ValueNode {
-    override SQL::SqlString astNode;
-  }
-
-  /** An expression that sanitizes a value for the purposes of SQL injection. */
-  class SanitizerExpr extends Sanitizer, DataFlow::ValueNode {
-    SanitizerExpr() { astNode = any(SQL::SqlSanitizer ss).getOutput() }
-  }
 }
--- a/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjectionCustomizations.qll
@@ -0,0 +1,39 @@
+/**
+ * Provides default sources, sinks and sanitisers for reasoning about
+ * SQL injection vulnerabilities, as well as extension points for
+ * adding your own.
+ */
+
+import javascript
+
+module SqlInjection {
+  /**
+   * A data flow source for SQL injection vulnerabilities.
+   */
+  abstract class Source extends DataFlow::Node { }
+
+  /**
+   * A data flow sink for SQL injection vulnerabilities.
+   */
+  abstract class Sink extends DataFlow::Node { }
+
+  /**
+   * A sanitizer for SQL injection vulnerabilities.
+   */
+  abstract class Sanitizer extends DataFlow::Node { }
+
+  /** A source of remote user input, considered as a flow source for SQL injection. */
+  class RemoteFlowSourceAsSource extends Source {
+    RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
+  }
+
+  /** An SQL expression passed to an API call that executes SQL. */
+  class SqlInjectionExprSink extends Sink, DataFlow::ValueNode {
+    override SQL::SqlString astNode;
+  }
+
+  /** An expression that sanitizes a value for the purposes of SQL injection. */
+  class SanitizerExpr extends Sanitizer, DataFlow::ValueNode {
+    SanitizerExpr() { astNode = any(SQL::SqlSanitizer ss).getOutput() }
+  }
+}