hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add ClientRequest::getHost

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-12-17 10:28:01 +01:00
parent 3a5962aa34
commit 60fe0176ed
9 changed files with 85 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
View File

@@ -21,6 +21,11 @@ abstract class CustomClientRequest extends DataFlow::InvokeNode {
*/
abstract DataFlow::Node getUrl();
/**
* Gets the host of the request.
*/
abstract DataFlow::Node getHost();
/**
* Gets a node that contributes to the data-part this request.
*/
@@ -50,6 +55,13 @@ class ClientRequest extends DataFlow::InvokeNode {
result = custom.getUrl()
}
/**
* Gets the host of the request.
*/
DataFlow::Node getHost() {
result = custom.getHost()
}
/**
* Gets a node that contributes to the data-part this request.
*/
@@ -102,6 +114,10 @@ private class RequestUrlRequest extends CustomClientRequest {
result = getOptionArgument(0, urlPropertyName())
}
override DataFlow::Node getHost() {
none()
}
override DataFlow::Node getADataNode() {
result = getArgument(1)
}
@@ -126,10 +142,18 @@ private class AxiosUrlRequest extends CustomClientRequest {
)
}
private DataFlow::Node getOptionArgument(string name) {
// depends on the method name and the call arity, over-approximating slightly in the name of simplicity
result = getOptionArgument([0..2], name)
}
override DataFlow::Node getUrl() {
result = getArgument(0) or
// depends on the method name and the call arity, over-approximating slightly in the name of simplicity
result = getOptionArgument([0..2], urlPropertyName())
result = getOptionArgument(urlPropertyName())
}
override DataFlow::Node getHost() {
result = getOptionArgument("host")
}
override DataFlow::Node getADataNode() {
@@ -176,6 +200,8 @@ private class FetchUrlRequest extends CustomClientRequest {
result = url
}
override DataFlow::Node getHost() { none() }
override DataFlow::Node getADataNode() {
exists (string name |
name = "headers" or name = "body" |
@@ -206,6 +232,14 @@ private class GotUrlRequest extends CustomClientRequest {
not exists (getOptionArgument(1, "baseUrl"))
}
override DataFlow::Node getHost() {
exists (string name |
name = "host" or
name = "hostname" |
result = getOptionArgument(1, name)
)
}
override DataFlow::Node getADataNode() {
exists (string name |
name = "headers" or name = "body" or name = "query" |
@@ -235,6 +269,8 @@ private class SuperAgentUrlRequest extends CustomClientRequest {
result = url
}
override DataFlow::Node getHost() { none() }
override DataFlow::Node getADataNode() {
exists (string name |
name = "set" or name = "send" or name = "query" |
@@ -252,5 +288,6 @@ private class XMLHttpRequest extends CustomClientRequest {
override DataFlow::Node getUrl() { result = getAMethodCall("open").getArgument(1) }
override DataFlow::Node getHost() { none() }
override DataFlow::Node getADataNode() { result = getAMethodCall("send").getArgument(0) }
}

8
javascript/ql/src/semmle/javascript/frameworks/Electron.qll
View File

@@ -64,6 +64,14 @@ module Electron {
result = getOptionArgument(0, "url")
}
override DataFlow::Node getHost() {
exists (string name |
name = "host" or
name = "hostname" |
result = getOptionArgument(0, name)
)
}
override DataFlow::Node getADataNode() {
exists (string name |
name = "write" or name = "end" |

8
javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll
View File

@@ -737,6 +737,14 @@ module NodeJSLib {
result = url
}
override DataFlow::Node getHost() {
exists (string name |
name = "host" or
name = "hostname" |
result = getOptionArgument(1, name)
)
}
override DataFlow::Node getADataNode() {
exists (string name |
name = "write" or name = "end" |

2
javascript/ql/src/semmle/javascript/frameworks/jQuery.qll
View File

@@ -359,5 +359,7 @@ private class JQueryClientRequest extends CustomClientRequest {
result = getOptionArgument([0 .. 1], "url")
}
override DataFlow::Node getHost() { none() }
override DataFlow::Node getADataNode() { result = getOptionArgument([0 .. 1], "data") }
}