From 52ae75727992aa44ae24abe58e609f0dd67b89be Mon Sep 17 00:00:00 2001 
From: Max Schaefer Date: Thu, 8 Nov 2018 15:01:45 +0000 Subject: [PATCH] JavaScript: Select `Node`s (instead of `PathNode`s) everywhere. --- javascript/ql/src/Security/CWE-022/TaintedPath.ql | 3 ++- javascript/ql/src/Security/CWE-078/CommandInjection.ql | 3 ++- javascript/ql/src/Security/CWE-079/ReflectedXss.ql | 2 +- javascript/ql/src/Security/CWE-079/StoredXss.ql | 2 +- javascript/ql/src/Security/CWE-079/Xss.ql | 2 +- javascript/ql/src/Security/CWE-089/SqlInjection.ql | 3 ++- javascript/ql/src/Security/CWE-094/CodeInjection.ql | 3 ++- javascript/ql/src/Security/CWE-134/TaintedFormatString.ql | 3 ++- javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql | 3 ++- javascript/ql/src/Security/CWE-209/StackTraceExposure.ql | 2 +- javascript/ql/src/Security/CWE-312/CleartextLogging.ql | 3 ++- javascript/ql/src/Security/CWE-312/CleartextStorage.ql | 3 ++- javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql | 5 +++-- javascript/ql/src/Security/CWE-338/InsecureRandomness.ql | 3 ++- .../Security/CWE-346/CorsMisconfigurationForCredentials.ql | 4 ++-- .../ql/src/Security/CWE-400/RemotePropertyInjection.ql | 4 ++-- javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql | 3 ++- javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql | 3 ++- javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql | 3 ++- javascript/ql/src/Security/CWE-611/Xxe.ql | 2 +- .../Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql | 3 ++- javascript/ql/src/Security/CWE-643/XpathInjection.ql | 3 ++- javascript/ql/src/Security/CWE-730/RegExpInjection.ql | 3 ++- javascript/ql/src/Security/CWE-776/XmlBomb.ql | 2 +- javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql | 3 ++- javascript/ql/src/Security/CWE-807/ConditionalBypass.ql | 2 +- .../CWE-843/TypeConfusionThroughParameterTampering.ql | 3 ++- javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql | 2 +- .../ql/src/Security/CWE-916/InsufficientPasswordHash.ql | 3 ++- javascript/ql/src/Security/CWE-918/RequestForgery.ql | 
3 ++- 30 files changed, 53 insertions(+), 33 deletions(-) diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index e1c44d53559..8a3e7075216 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql @@ -20,4 +20,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "This path depends on $@.", source, "a user-provided value" +select sink.getNode(), source, sink, "This path depends on $@.", + source.getNode(), "a user-provided value" diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index bef7c596dff..317c407003c 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql @@ -22,4 +22,5 @@ where cfg.hasPathFlow(source, sink) and cfg.isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() -select highlight, source, sink, "This command depends on $@.", source, "a user-provided value" +select highlight, source, sink, "This command depends on $@.", + source.getNode(), "a user-provided value" diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index a6f3a97e616..5b308800209 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", - source, "user-provided value" + source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index 84e2c433fc1..f1e386c291b 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql +++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.", - source, "stored value" + source.getNode(), "stored value" diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index bed5436b0b5..b6ba13918cb 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", - source, "user-provided value" + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index 7da69c8174e..6ae6d092723 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -19,4 +19,5 @@ from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode where (cfg instanceof SqlInjection::Configuration or cfg instanceof NosqlInjection::Configuration) and cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "This query depends on $@.", source, "a user-provided value" +select sink.getNode(), source, sink, "This query depends on $@.", + source.getNode(), "a user-provided value" 
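Review bot: The inline cast in the message column of Xss.ql, `sink.getNode().(Sink).getVulnerabilityKind()`, also acts as a filter: a path whose sink node is not a `Sink` has no value for that column, so the query reports no alert for it. The same `getNode().(Source)` / `getNode().(Sink)` form is on the new side of CleartextLogging.ql, CleartextStorage.ql, BrokenCryptoAlgorithm.ql, CorsMisconfigurationForCredentials.ql, RemotePropertyInjection.ql, HardcodedCredentials.ql, InsufficientPasswordHash.ql and RequestForgery.ql. Whether each `Configuration` admits only nodes of those classes is not visible in these hunks. If it does, a comment above the select such as `// every sink of cfg is a Sink, so this cast never drops a result` would record the assumption and make a later silent loss of findings easier to spot.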
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index 62e1ee05c77..506e206bc0a 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql @@ -18,4 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.", source, "User-provided value" +select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.", + source.getNode(), "User-provided value" diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index 0a277ccbb62..78ab720d235 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -15,4 +15,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "$@ flows here and is used in a format string.", source, "User-provided value" +select sink.getNode(), source, sink, "$@ flows here and is used in a format string.", + source.getNode(), "User-provided value" diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index 836674f6e33..22b254a8bd6 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql 
@@ -14,4 +14,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "$@ flows directly to outbound network request", source, "File data" +select sink.getNode(), source, sink, "$@ flows directly to outbound network request", + source.getNode(), "File data" diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index fac7de89b3d..d67d9f643ab 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "Stack trace information from $@ may be exposed to an external user here.", - source, "here" + source.getNode(), "here" diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 55615906584..34a4f5414cf 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -36,4 +36,5 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) and // ignore logging to the browser console (even though it is not a good practice) not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel()) -select sink.getNode(), source, sink, "Sensitive data returned by $@ is logged here.", source, source.getNode().(Source).describe() +select sink.getNode(), source, sink, "Sensitive data returned by $@ is logged here.", + source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 060cf8abe95..b87b266ed36 100644 
--- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -18,4 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Sensitive data returned by $@ is stored here.", source, source.getNode().(Source).describe() +select sink.getNode(), source, sink, "Sensitive data returned by $@ is stored here.", + source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index 619a170a28e..533c8109018 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql @@ -16,5 +16,6 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) and - not source.asExpr() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash -select sink.getNode(), source, sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.(Source).describe() + not source.getNode().asExpr() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash +select sink.getNode(), source, sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", + source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index 03383b1cf20..3b9df302008 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql 
@@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Cryptographically insecure $@ in a security context.", source, "random value" +select sink.getNode(), source, sink, "Cryptographically insecure $@ in a security context.", + source.getNode(), "random value" diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 64910083d86..44c478ea1c5 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "$@ leak vulnerability due to $@.", - sink.(Sink).getCredentialsHeader(), "Credential", - source, "a misconfigured CORS header value" + sink.getNode().(Sink).getCredentialsHeader(), "Credential", + source.getNode(), "a misconfigured CORS header value" diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index c69b4427f3a..b9af490ffb6 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -18,5 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "A $@ is used as" + sink.(Sink).getMessage(), - source, "user-provided value" +select sink.getNode(), source, sink, "A $@ is used as" + sink.getNode().(Sink).getMessage(), + source.getNode(), "user-provided value" 
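Review bot: The alert text in RemotePropertyInjection.ql is built as `"A $@ is used as" + sink.getNode().(Sink).getMessage()`, with no space after `as`, so it reads correctly only if every `getMessage()` result begins with a space. That predicate is defined outside this hunk, so this cannot be confirmed here. If the leading space is the convention, a comment on the select such as `// getMessage() results start with a space` would keep a future `Sink` subclass from producing run-together alert text.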
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 964e3bda6e1..107868857bd 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Unsafe deserialization of $@.", source, "user input" +select sink.getNode(), source, sink, "Unsafe deserialization of $@.", + source.getNode(), "user input" diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index cda39882544..8080784e894 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql @@ -18,4 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", source, "user-provided value" +select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index da3c412e59b..62d2671c8ea 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql 
@@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", source, "user-provided value" +select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index db0bca561ca..914f1e4a726 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "A $@ is parsed as XML without guarding against external entity expansion.", - source, "user-provided value" + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 0d0db8cdbde..c12f0e736f5 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Links in this email can be hijacked by poisoning the HTTP host header $@.", source, "here" +select sink.getNode(), source, sink, "Links in this email can be hijacked by poisoning the HTTP host header $@.", + source.getNode(), "here" diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index f6ba0d956c1..f212e4a7a1a 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql 
+++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql @@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.", source, "User-provided value" +select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.", + source.getNode(), "User-provided value" diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index f77eb395f1e..3053a64f53f 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql @@ -18,4 +18,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source, "user-provided value" +select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index 39b653d5e83..733fe7fe414 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql @@ -18,4 +18,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) select sink.getNode(), source, sink, "A $@ is parsed as XML without guarding against uncontrolled entity expansion.", - source, "user-provided value" + source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index b249550c8c7..b172e28edb9 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql 
+++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -23,4 +23,5 @@ where cfg.hasPathFlow(source, sink) and value = "The hard-coded value \"" + source.getNode().asExpr().(ConstantString).getStringValue() + "\"" else value = "This hard-coded value" -select source.getNode(), source, sink, value + " is used as $@.", sink, sink.getNode().(Sink).getKind() +select source.getNode(), source, sink, value + " is used as $@.", + sink.getNode(), sink.getNode().(Sink).getKind() diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index e642d91ebed..f31549d259c 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -114,4 +114,4 @@ where isTaintedGuardForSensitiveAction(sink, source, action) and not isEarlyAbortGuard(sink, action) select sink.getNode(), source, sink, "This condition guards a sensitive $@, but $@ controls it.", action, "action", - source, "a user-provided value" + source.getNode(), "a user-provided value" diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index e58bfc905fc..d0499905a93 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql @@ -15,4 +15,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Potential type confusion for $@.", source, "HTTP request parameter" +select sink.getNode(), source, sink, "Potential type confusion for $@.", + source.getNode(), "HTTP request parameter" 
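Review bot: The message in HardcodedCredentials.ql embeds the literal itself through `source.getNode().asExpr().(ConstantString).getStringValue()`, so the credential is copied into the alert text and into any system that stores or forwards the results. The alert is already located at `source.getNode()`, so the generic `value = "This hard-coded value"` branch loses no information for a reader who can see the code. If the literal is kept, a comment next to the `if` should say that result files for this query contain secrets and need the same access control as the source. The `where` clause starts above the hunk, so the condition that selects this branch is not visible here.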
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index ea2a464ae80..3f913ea4530 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -14,4 +14,4 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "$@ flows to file system", source, "Untrusted data" +select sink.getNode(), source, sink, "$@ flows to file system", source.getNode(), "Untrusted data" diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index 71ec7cf9b5e..37d0bb8c8c2 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -15,4 +15,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasPathFlow(source, sink) -select sink.getNode(), source, sink, "Password from $@ is hashed insecurely.", source , source.(Source).describe() +select sink.getNode(), source, sink, "Password from $@ is hashed insecurely.", + source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index c71ba0f81c4..24039a70a1a 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql 
@@ -16,4 +16,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request where cfg.hasPathFlow(source, sink) and request = sink.getNode().(Sink).getARequest() -select request, source, sink, "The $@ of this request depends on $@.", sink, sink.getNode().(Sink).getKind(), source, "a user-provided value" +select request, source, sink, "The $@ of this request depends on $@.", + sink.getNode(), sink.getNode().(Sink).getKind(), source, "a user-provided value"
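Review bot: The last `$@` argument in RequestForgery.ql is still the `PathNode` `source`: the new select converts `sink` to `sink.getNode()` but leaves `source` unchanged. This is the one select in the patch that does not follow the commit title. The second line should read `sink.getNode(), sink.getNode().(Sink).getKind(), source.getNode(), "a user-provided value"`. As written, the link for "a user-provided value" is presumably still rendered from the path node, unlike in the other 29 queries.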