hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: recognize CSRF middleware from lusca package

Browse Source
This commit is contained in:
Asger F
2018-09-21 13:15:17 +01:00
parent 69962bd06c
commit 5f467d2fc5
3 changed files with 43 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
View File

@@ -38,12 +38,15 @@ predicate hasCookieMiddleware(Express::RouteHandlerExpr expr, Express::RouteHand
* // protected from CSRF
* })
* ```
*
* Currently the predicate only detects `csurf`-based protectors.
*/
DataFlow::CallNode csrfMiddlewareCreation() {
exists (DataFlow::ModuleImportNode mod | result = mod.getACall() |
mod.getPath() = "csurf"
exists (DataFlow::SourceNode callee | result = callee.getACall() |
callee = DataFlow::moduleImport("csurf")
or
callee = DataFlow::moduleImport("lusca") and
result.getOptionArgument(0, "csrf").analyze().getABooleanValue() = true // any truthy value will enable CSRF
or
callee = DataFlow::moduleMember("lusca", "csrf")
)
}