hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port barriers in UrlConcatenation.qll

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:08:56 +02:00
parent 7a1aead831
commit 395f52303c
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll
View File

@@ -103,8 +103,16 @@ predicate hostnameSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sin
class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith { class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith {
HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) } HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) }
override predicate sanitizes(boolean outcome, Expr e) { override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
/** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */
predicate blocksExpr(boolean outcome, Expr e) {
outcome = this.getPolarity() and outcome = this.getPolarity() and
e = this.getBaseString().asExpr() e = this.getBaseString().asExpr()
} }
} }
/**
* A check that sanitizes the hostname of a URL.
*/
module HostnameSanitizerGuard = DataFlow::MakeBarrierGuard<HostnameSanitizerGuard>;