hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add database threat-model source modeling

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-10-29 14:57:17 +01:00
parent 7c7420a9a4
commit 3656864695
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/test/library-tests/threat-models/sources/sources.js
View File

@@ -42,3 +42,16 @@ const program = new Command();
program.parse(process.argv); // $ threat-source=commandargs
SINK(program.opts().foo); // $ hasFlow SPURIOUS: threat-source=commandargs
// ------ reading from database ------
// Accessing database using mysql
const mysql = require('mysql');
const connection = mysql.createConnection({host: 'localhost'});
connection.connect();
connection.query('SELECT 1 + 1 AS solution', function (error, results, fields) { // $ threat-source=database
if (error) throw error;
SINK(results); // $ hasFlow
SINK(results[0]); // $ hasFlow
SINK(results[0].solution); // $ hasFlow
});