JS: Port CorsMisconfigurationForCredentials

Asger F
2023-10-05 09:13:42 +02:00
parent f14303acea
commit 30f1fbc10d
3 changed files with 32 additions and 26 deletions


@@ -14,7 +14,26 @@ import CorsMisconfigurationForCredentialsCustomizations::CorsMisconfigurationFor
/**
* A data flow configuration for CORS misconfiguration for credentials transfer.
*/
class Configuration extends TaintTracking::Configuration {
module CorsMisconfigurationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) {
node instanceof Sanitizer or
node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode()
}
}
/**
* Data flow for CORS misconfiguration for credentials transfer.
*/
module CorsMisconfigurationFlow = TaintTracking::Global<CorsMisconfigurationConfig>;
/**
* DEPRECATED. Use the `CorsMisconfigurationFlow` module instead.
*/
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "CorsMisconfigurationForCredentials" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }