hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update query17 from intro tutorial

Browse Source
This commit is contained in:
Asger F
2024-11-29 09:47:34 +01:00
parent 2722c45737
commit 2db89c1b02
2 changed files with 28 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll
View File

@@ -1,23 +1,20 @@
import javascript
class PasswordTracker extends DataFlow::Configuration {
PasswordTracker() {
// unique identifier for this configuration
this = "PasswordTracker"
}
module PasswordConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node nd) { nd.asExpr() instanceof StringLiteral }
override predicate isSource(DataFlow::Node nd) { nd.asExpr() instanceof StringLiteral }
override predicate isSink(DataFlow::Node nd) { this.passwordVarAssign(_, nd) }
predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
v.getAnAssignedExpr() = nd.asExpr() and
v.getName().toLowerCase() = "password"
}
predicate isSink(DataFlow::Node nd) { passwordVarAssign(_, nd) }
}
predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
v.getAnAssignedExpr() = nd.asExpr() and
v.getName().toLowerCase() = "password"
}
module PasswordFlow = DataFlow::Global<PasswordConfig>;
query predicate test_query17(DataFlow::Node sink, string res) {
exists(PasswordTracker pt, Variable v | pt.hasFlow(_, sink) and pt.passwordVarAssign(v, sink) |
exists(Variable v | PasswordFlow::flow(_, sink) and passwordVarAssign(v, sink) |
res = "Password variable " + v.toString() + " is assigned a constant string."
)
}