JavaScript: Refactor security queries for uniformity.

2026-04-30 03:05:15 +02:00 · 2018-11-08 12:41:44 +00:00
parent 9b4ae9e4d3
commit 65bcf0f526
23 changed files with 56 additions and 62 deletions
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss

-from Configuration xss, DataFlow::Node source, DataFlow::Node sink
-where xss.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
       source, "user-provided value"
--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss

-from Configuration xss, DataFlow::Node source, DataFlow::Node sink
-where xss.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "Stored cross-site scripting vulnerability due to $@.",
       source, "stored value"
--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss

-from Configuration xss, DataFlow::Node source, Sink sink
-where xss.hasFlow(source, sink)
-select sink, sink.getVulnerabilityKind() + " vulnerability due to $@.",
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
+select sink, sink.(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
       source, "user-provided value"