hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove redundant code

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-11-15 16:17:18 +01:00
parent d36312cf9f
commit 4073dfaf24
2 changed files with 8 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
View File

@@ -14,29 +14,21 @@ module ExceptionXss {
import Xss::StoredXss as StoredXss import Xss::StoredXss as StoredXss
import Xss as XSS import Xss as XSS
DataFlow::ExceptionalInvocationReturnNode getCallerExceptionalReturn(DataFlow::FunctionNode func) { DataFlow::ExceptionalInvocationReturnNode getCallerExceptionalReturn(Function func) {
exists(DataFlow::InvokeNode call | exists(DataFlow::InvokeNode call |
not call.isImprecise() and not call.isImprecise() and
func.getFunction() = call.(DataFlow::InvokeNode).getACallee() and func = call.(DataFlow::InvokeNode).getACallee() and
result = call.getExceptionalReturn() result = call.getExceptionalReturn()
) )
} }
DataFlow::Node getExceptionalSuccssor(DataFlow::Node pred) { DataFlow::Node getExceptionalSuccssor(DataFlow::Node pred) {
exists(DataFlow::FunctionNode func | if exists(getEnclosingTryStmt(pred.asExpr().getEnclosingStmt()))
pred.getContainer() = func.getFunction() and then
if exists(getEnclosingTryStmt(pred.asExpr().getEnclosingStmt())) result.(DataFlow::ParameterNode).getParameter() = getEnclosingTryStmt(pred
then .asExpr()
result.(DataFlow::ParameterNode).getParameter() = getEnclosingTryStmt(pred .getEnclosingStmt()).getACatchClause().getAParameter()
.asExpr() else result = getCallerExceptionalReturn(pred.getContainer())
.getEnclosingStmt()).getACatchClause().getAParameter()
else result = getCallerExceptionalReturn(func)
)
or
exists(DataFlow::InvokeNode call |
pred = call.getExceptionalReturn() and
result = getExceptionalSuccssor(call)
)
} }
predicate canThrowSensitiveInformation(DataFlow::Node node) { predicate canThrowSensitiveInformation(DataFlow::Node node) {

9
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
View File

@@ -9,7 +9,6 @@ nodes
| exception-xss.js:11:18:11:18 | e | | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:11:18:11:18 | e | | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:15:9:15:11 | foo | | exception-xss.js:15:9:15:11 | foo |
| exception-xss.js:16:10:16:10 | e | | exception-xss.js:16:10:16:10 | e |
| exception-xss.js:17:18:17:18 | e | | exception-xss.js:17:18:17:18 | e |
@@ -36,7 +35,6 @@ nodes
| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
| exception-xss.js:42:9:42:9 | x | | exception-xss.js:42:9:42:9 | x |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:8:46:18 | "bar" + foo | | exception-xss.js:46:8:46:18 | "bar" + foo |
| exception-xss.js:46:16:46:18 | foo | | exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:47:10:47:10 | e | | exception-xss.js:47:10:47:10 | e |
@@ -46,7 +44,6 @@ nodes
| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
| exception-xss.js:75:10:75:10 | x | | exception-xss.js:75:10:75:10 | x |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:81:16:81:18 | foo | | exception-xss.js:81:16:81:18 | foo |
| exception-xss.js:82:10:82:10 | e | | exception-xss.js:82:10:82:10 | e |
| exception-xss.js:83:18:83:18 | e | | exception-xss.js:83:18:83:18 | e |
@@ -81,14 +78,12 @@ edges
| exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo | | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:4:20:4:20 | x | exception-xss.js:5:14:5:14 | x | | exception-xss.js:4:20:4:20 | x | exception-xss.js:5:14:5:14 | x |
| exception-xss.js:5:14:5:14 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | | exception-xss.js:5:14:5:14 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:5:14:5:14 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:5:14:5:14 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | | exception-xss.js:5:14:5:14 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
| exception-xss.js:5:14:5:14 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | | exception-xss.js:5:14:5:14 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:10:10:10 | e | | exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:10:10:10 | e |
| exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e | | exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e | | exception-xss.js:10:10:10:10 | e | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:10:16:10 | e | | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:10:16:10 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:10:16:10 | e |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:20:4:20 | x | | exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:20:4:20 | x |
| exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e | | exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e |
| exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e | | exception-xss.js:16:10:16:10 | e | exception-xss.js:17:18:17:18 | e |
@@ -106,23 +101,19 @@ edges
| exception-xss.js:34:10:34:10 | e | exception-xss.js:35:18:35:18 | e | | exception-xss.js:34:10:34:10 | e | exception-xss.js:35:18:35:18 | e |
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x |
| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | | exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x |
| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x |
| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:20:4:20 | x | | exception-xss.js:42:9:42:9 | x | exception-xss.js:4:20:4:20 | x |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:10:47:10 | e | | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:10:47:10 | e |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:10:47:10 | e |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | | exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x |
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | | exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo |
| exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e | | exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e |
| exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e | | exception-xss.js:47:10:47:10 | e | exception-xss.js:48:18:48:18 | e |
| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x |
| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:20:4:20 | x | | exception-xss.js:75:10:75:10 | x | exception-xss.js:4:20:4:20 | x |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:10:82:10 | e | | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:10:82:10 | e |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:10:82:10 | e |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | | exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x |
| exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e | | exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e |
| exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e | | exception-xss.js:82:10:82:10 | e | exception-xss.js:83:18:83:18 | e |