hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1495 from asger-semmle/array-taint-step

Browse Source 
Approved by xiemaisi
This commit is contained in:
semmle-qlci
2019-06-27 12:16:17 +01:00
committed by GitHub
parent d45b4175cb 57dac1d0d5
commit 44bd540c44
4 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -268,7 +268,8 @@ module TaintTracking {
(name = "map" or name = "forEach") and
(i = 0 or i = 2) and
call.getArgument(0).analyze().getAValue().(AbstractFunction).getFunction() = f and
pred.(DataFlow::SourceNode).getAMethodCall(name) = call and
call.(DataFlow::MethodCallNode).getMethodName() = name and
pred = call.getReceiver() and
succ = DataFlow::parameterNode(f.getParameter(i))
)
or

1
javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
View File

@@ -8,6 +8,7 @@ typeInferenceMismatch
| addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x |
| addexpr.js:11:15:11:22 | source() | addexpr.js:21:8:21:12 | value |
| advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v |
| array-callback.js:2:23:2:30 | source() | array-callback.js:4:10:4:10 | x |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:4:8:4:8 | x |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x |

6
javascript/ql/test/library-tests/TaintTracking/array-callback.js Normal file
View File

@@ -0,0 +1,6 @@
async function test() {
let promisedTaint = source();
(await promisedTaint).map(x => {
sink(x); // NOT OK
});
}

4
javascript/ql/test/query-tests/Security/CWE-079/StoredXss.expected
View File

@@ -5,6 +5,7 @@ nodes
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:33:19:33:24 | files2 |
@@ -15,10 +16,11 @@ nodes
edges
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |