hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port experimental queries

Browse Source
This commit is contained in:
Asger F
2023-10-04 21:19:46 +02:00
parent aa5a2836f5
commit 449ec72dbe
16 changed files with 133 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll
View File

@@ -53,11 +53,17 @@ class TaintedPathAtmConfig extends AtmConfig {
*/
private class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode instanceof TaintedPath::BarrierGuardNode
{
override predicate sanitizes(boolean outcome, Expr e) {
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
predicate blocksExpr(boolean outcome, Expr e) {
this.blocks(outcome, e) or this.blocks(outcome, e, _)
}
override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) {
this.blocksExpr(outcome, e, lbl)
}
predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) {
this.sanitizes(outcome, e) and exists(label)
}
}

4
javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
View File

@@ -59,7 +59,9 @@ class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNo
)
}
override predicate sanitizes(boolean outcome, Expr e) {
override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) }
predicate blocksExpr(boolean outcome, Expr e) {
polarity = outcome and
e = operand
}