hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix flowLabels

Browse Source
This commit is contained in:
amammad
2023-10-08 11:00:07 +02:00
parent f41bc1f631
commit 41e7b91d78
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
View File

@@ -53,8 +53,8 @@ class WorkerThreads extends DataFlow::Node {
}
}
class WorkerThreadsLabel extends FlowLabel {
WorkerThreadsLabel() { this = "worker_threads" }
class URLConstructorLabel extends FlowLabel {
URLConstructorLabel() { this = "URLConstructorLabel" }
}
class DynamicImportLabel extends FlowLabel {
@@ -67,15 +67,12 @@ class DynamicImportLabel extends FlowLabel {
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "CodeInjection" }
override predicate isSource(DataFlow::Node source, FlowLabel label) {
source instanceof RemoteFlowSource and
(label instanceof DynamicImportLabel or label instanceof WorkerThreadsLabel)
}
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof DynamicImport }
override predicate isSink(DataFlow::Node sink, FlowLabel label) {
sink instanceof DynamicImport and label instanceof DynamicImportLabel
or
sink instanceof WorkerThreads and label instanceof WorkerThreadsLabel
sink instanceof WorkerThreads and label instanceof URLConstructorLabel
}
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
@@ -87,8 +84,8 @@ class Configuration extends TaintTracking::Configuration {
newUrl = DataFlow::globalVarRef("URL").getAnInstantiation() and
pred = newUrl.getArgument(0)
) and
predlbl instanceof WorkerThreadsLabel and
succlbl instanceof WorkerThreadsLabel
predlbl instanceof StandardFlowLabel and
succlbl instanceof URLConstructorLabel
}
}