hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port meta queries

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:28:27 +02:00
parent c55300d4b0
commit 43be45207d
4 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/src/meta/alerts/TaintedNodes.ql
View File

@@ -12,20 +12,20 @@
import javascript
import meta.internal.TaintMetrics
class BasicTaintConfiguration extends TaintTracking::Configuration {
BasicTaintConfiguration() { this = "BasicTaintConfiguration" }
module BasicTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
// To reduce noise from synthetic nodes, only count value nodes
node instanceof DataFlow::ValueNode and
not node.getFile() instanceof IgnoredFile
}
}
module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
// Avoid linking to the source as this would upset the statistics: nodes reachable
// from multiple sources would be counted multilpe times, and that's not what we intend to measure.
// from multiple sources would be counted multiple times, and that's not what we intend to measure.
from DataFlow::Node node
where any(BasicTaintConfiguration cfg).hasFlow(_, node)
where BasicTaintFlow::flowTo(node)
select node, "Tainted node"

12
javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql
View File

@@ -11,12 +11,12 @@
import javascript
import meta.internal.TaintMetrics
class BasicTaintConfiguration extends TaintTracking::Configuration {
BasicTaintConfiguration() { this = "BasicTaintConfiguration" }
module BasicTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() }
predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() }
}
select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node))
module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node))

12
javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql
View File

@@ -11,12 +11,12 @@
import javascript
import meta.internal.TaintMetrics
class BasicTaintConfiguration extends TaintTracking::Configuration {
BasicTaintConfiguration() { this = "BasicTaintConfiguration" }
module BasicTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() }
override predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() }
override predicate isSink(DataFlow::Node node) { node = relevantTaintSink() }
predicate isSink(DataFlow::Node node) { node = relevantTaintSink() }
}
select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node))
module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node))

12
javascript/ql/src/meta/analysis-quality/TaintedNodes.ql
View File

@@ -12,16 +12,16 @@
import javascript
import meta.internal.TaintMetrics
class BasicTaintConfiguration extends TaintTracking::Configuration {
BasicTaintConfiguration() { this = "BasicTaintConfiguration" }
module BasicTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSink(DataFlow::Node node) {
predicate isSink(DataFlow::Node node) {
// To reduce noise from synthetic nodes, only count value nodes
node instanceof DataFlow::ValueNode and
not node.getFile() instanceof IgnoredFile
}
}
select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node))
module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node))