JS: Port TaintedPath

2026-03-05 15:16:47 +01:00 · 2023-10-04 21:22:38 +02:00
parent fcfab5238e
commit 65e9706c8e
8 changed files with 655 additions and 9929 deletions
--- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -17,9 +17,9 @@

 import javascript
 import semmle.javascript.security.dataflow.TaintedPathQuery
-import DataFlow::PathGraph
+import DataFlow::DeduplicatePathGraph<TaintedPathFlow::PathNode, TaintedPathFlow::PathGraph>

-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from PathNode source, PathNode sink
+where TaintedPathFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode())
 select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
  "user-provided value"