hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add basic support for indirect route handlers

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-09-15 23:30:23 +02:00
parent 3d07ba9d0b
commit 43e5c0212c
4 changed files with 51 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
View File

@@ -46,7 +46,12 @@ private DataFlow::SourceNode getARouteUsingCookies(DataFlow::TypeTracker t) {
t.start() and
isRouteHandlerUsingCookies(result)
or
exists(DataFlow::TypeTracker t2 | result = getARouteUsingCookies(t2).track(t2, t))
exists(DataFlow::TypeTracker t2, DataFlow::SourceNode pred | pred = getARouteUsingCookies(t2) |
result = pred.track(t2, t)
or
t = t2 and
Express::routeHandlerStep(pred, result)
)
}
/** Gets a data flow node referring to a route handler that uses cookies. */