hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: update 'credentials[%]' sink kind to 'credentials-%'

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-12 15:12:53 -04:00
parent 7880e9e92c
commit 359f6ffd1e
3 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll
View File

@@ -46,7 +46,7 @@ module CredentialsExpr {
private class CredentialsFromModel extends CredentialsNode {
string kind;
CredentialsFromModel() { this = ModelOutput::getASinkNode("credentials[" + kind + "]").asSink() }
CredentialsFromModel() { this = ModelOutput::getASinkNode("credentials-" + kind).asSink() }
override string getCredentialsKind() { result = CredentialsExpr::normalizeKind(kind) }
}

8
javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json
View File

@@ -19,10 +19,10 @@
"sequelize.Sequelize;Member[query].Argument[0].Member[query];sql-injection",
"sequelize.Sequelize;Member[query].Argument[0];sql-injection",
"sequelize.SequelizeStaticAndInstance;Member[asIs,literal].Argument[0];sql-injection",
"sequelize;Argument[0..].Member[password];credentials[password]",
"sequelize;Argument[0..].Member[username];credentials[username]",
"sequelize;Argument[1];credentials[username]",
"sequelize;Argument[2];credentials[password]"
"sequelize;Argument[0..].Member[password];credentials-password",
"sequelize;Argument[0..].Member[username];credentials-username",
"sequelize;Argument[1];credentials-username",
"sequelize;Argument[2];credentials-password"
],
"typeDefinitions": [
"sequelize.Sequelize;sequelize-typescript.Sequelize;"

16
javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml
View File

@@ -1,17 +1,17 @@
extensions:
- addsTo:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- [sequelize.Sequelize, "Member[query].Argument[0].Member[query]", "sql-injection"]
- [sequelize.Sequelize, "Member[query].Argument[0]", "sql-injection"]
- [sequelize.SequelizeStaticAndInstance, "Member[asIs,literal].Argument[0]", "sql-injection"]
- [sequelize, "Argument[0..].Member[password]", "credentials[password]"]
- [sequelize, "Argument[0..].Member[username]", "credentials[username]"]
- [sequelize, "Argument[1]", "credentials[username]"]
- [sequelize, "Argument[2]", "credentials[password]"]
- [sequelize, "Argument[0..].Member[password]", "credentials-password"]
- [sequelize, "Argument[0..].Member[username]", "credentials-username"]
- [sequelize, "Argument[1]", "credentials-username"]
- [sequelize, "Argument[2]", "credentials-password"]
- addsTo:
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
@@ -264,7 +264,7 @@ extensions:
- [sequelize.ThroughOptions, sequelize.AssociationOptionsBelongsToMany, "Member[through]"]
- [sequelize.Utils, sequelize.SequelizeStaticAndInstance, "Member[Utils]"]
- addsTo:
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
@@ -274,7 +274,7 @@ extensions:
- [sequelize.Model, "", "", "Member[schema,scope,unscoped].ReturnValue", type]
- [sequelize.Model, "", "", "Member[sync].ReturnValue.Awaited", type]
- addsTo:
- addsTo:
pack: codeql/javascript-all
extensible: typeVariableModel
data: