hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

update {go/py}/stack-trace-exposure to match javascript

Browse Source
This commit is contained in:
erik-krogh
2022-08-11 15:57:31 +02:00
parent 5a0183f1e2
commit 2d0a4c3d83
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
go/ql/src/Security/CWE-209/StackTraceExposure.ql
View File

@@ -76,5 +76,6 @@ class StackTraceExposureConfig extends TaintTracking::Configuration {
from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select source.getNode(), source, sink, "This stack trace is exposed to a remote user $@.",
sink.getNode(), "here"
select sink.getNode(), source, sink,
"Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
"here"

5
python/ql/src/Security/CWE-209/StackTraceExposure.ql
View File

@@ -19,5 +19,6 @@ import DataFlow::PathGraph
from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "$@ may be exposed to an external user", source.getNode(),
"Error information"
select sink.getNode(), source, sink,
"Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
"here"