hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add more libraries that serve static files to js/exposure-of-private-files

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-06-17 09:58:32 +02:00
parent ac1a0d9925
commit 6675ddae12
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
View File

@@ -105,7 +105,10 @@ DataFlow::Node getAPrivateFolderPath(string description) {
* Gest a call that serves the folder `path` to the public.
*/
DataFlow::CallNode servesAPrivateFolder(string description) {
result = DataFlow::moduleMember("express", "static").getACall() and
result = DataFlow::moduleMember(["express", "connect"], "static").getACall() and
result.getArgument(0) = getAPrivateFolderPath(description)
or
result = DataFlow::moduleImport("serve-static").getACall() and
result.getArgument(0) = getAPrivateFolderPath(description)
}