hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

add new default cred kind

Browse Source
This commit is contained in:
am0o0
2024-07-01 14:42:34 +02:00
parent fa8c457015
commit 6ecd8b7ee8
4 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll
View File

@@ -12,7 +12,7 @@ import javascript
abstract class CredentialsNode extends DataFlow::Node {
/**
* Gets a description of the kind of credential this expression is used as,
* such as `"user name"`, `"password"`, `"key"`.
* such as `"user name"`, `"password"`, `"key"`, `"jwt key"`.
*/
abstract string getCredentialsKind();
}

12
javascript/ql/lib/semmle/javascript/frameworks/JWT.qll
View File

@@ -48,7 +48,7 @@ private module JsonWebToken {
API::moduleImport("jsonwebtoken").getMember(["sign", "verify"]).getParameter(1).asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -64,7 +64,7 @@ private module Jose {
this = API::moduleImport("jose").getMember("jwtVerify").getParameter(1).asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -78,7 +78,7 @@ private module JwtSimple {
private class JwtKey extends CredentialsNode {
JwtKey() { this = API::moduleImport("jwt-simple").getMember("decode").getParameter(1).asSink() }
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -94,7 +94,7 @@ private module KoaJwt {
this = API::moduleImport("koa-jwt").getParameter(0).getMember("secret").asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -115,7 +115,7 @@ private module ExpressJwt {
.asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -145,6 +145,6 @@ private module PassportJwt {
.asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}

2
javascript/ql/lib/semmle/javascript/frameworks/Next.qll
View File

@@ -268,7 +268,7 @@ module NextJS {
this = API::moduleImport("next-auth").getParameter(0).getMember("secret").asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
}