JS: Update some queries that used data as source

Asger Feldthaus
2020-03-18 11:54:40 +00:00
parent 506ddaf3f4
commit 7393844699
7 changed files with 11 additions and 21 deletions


@@ -23,7 +23,7 @@ module CleartextLogging {
* A data flow sink for clear-text logging of sensitive information.
*/
abstract class Sink extends DataFlow::Node {
DataFlow::FlowLabel getLabel() { result.isDataOrTaint() }
DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/**
@@ -127,7 +127,7 @@ module CleartextLogging {
override string describe() { result = "an access to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** An access to a variable or property that might contain a password. */
@@ -153,7 +153,7 @@ module CleartextLogging {
override string describe() { result = "an access to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** A call that might return a password. */
@@ -167,7 +167,7 @@ module CleartextLogging {
override string describe() { result = "a call to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** An access to the sensitive object `process.env`. */
@@ -177,7 +177,7 @@ module CleartextLogging {
override string describe() { result = "process environment" }
override DataFlow::FlowLabel getLabel() {
result.isData() or
result.isTaint() or
result instanceof PartiallySensitiveMap
}
}
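Review bot: `Sink.getLabel()` at the top of the first hunk now admits only the `taint` label but carries no QLDoc, so a reader cannot tell that a sink or source still labelled `data` is deliberately unreachable; add `/** Gets a flow label this sink accepts; only `taint` is reported. */` above it. Because `Sink` is abstract and the `Source` subclasses here are extension points, any subclass outside this file that still overrides `getLabel()` with `result.isData()` will silently stop yielding results rather than fail to compile, which is worth stating in that QLDoc. The `process.env` source in the last hunk still also returns `PartiallySensitiveMap`; that is only sound if the configuration converts that label to `taint` before the sink, and the conversion step is not in this commit, so confirm it is still in place.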


@@ -53,7 +53,7 @@ module UnsafeDynamicMethodAccess {
hasUnsafeMethods(read.getBase().getALocalSource()) and
src = read.getPropertyNameExpr().flow() and
dst = read and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
dstlabel = unsafeFunction()
)
or
@@ -62,7 +62,7 @@ module UnsafeDynamicMethodAccess {
not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and
src = proj.getASelector() and
dst = proj and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
dstlabel = unsafeFunction()
)
}
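Review bot: In both hunks the new `srclabel.isTaint()` sits in the same conjunction as `dstlabel = unsafeFunction()`, mixing the predicate-style and equality-style label tests; for uniformity with that sibling conjunct and with the `result = taint()` form used in the Sources file of this library, write `srclabel = taint()`. The enclosing `isAdditionalFlowStep` predicate starts before the first hunk, so the `exists` bindings for `read` and `proj` are not visible here.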


@@ -19,7 +19,7 @@ module UnsafeDynamicMethodAccess {
/**
* Gets the flow label relevant for this source.
*/
DataFlow::FlowLabel getFlowLabel() { result = data() }
DataFlow::FlowLabel getFlowLabel() { result = taint() }
}
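Review bot: The QLDoc on `getFlowLabel()` should state that `taint` is the label the rest of the library depends on: the `isAdditionalFlowStep` in the companion Customizations file only propagates a property-name read whose label satisfies `isTaint()`, so an override returning `data()` would silently produce no flow. Suggested text: `/** Gets the flow label relevant for this source. Defaults to `taint`; overrides should keep returning `taint()`, since the additional flow steps only propagate taint-labelled property names. */`. The enclosing class header is outside the hunk, so that this predicate is overridable by `Source` subclasses is inferred, not visible.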
/**


@@ -40,7 +40,7 @@ module UnvalidatedDynamicMethodCall {
exists(DataFlow::PropRead read |
src = read.getPropertyNameExpr().flow() and
dst = read and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
(
dstlabel instanceof MaybeNonFunction
or


@@ -19,9 +19,9 @@ module UnvalidatedDynamicMethodCall {
/**
* Gets the flow label relevant for this source.
*/
DataFlow::FlowLabel getFlowLabel() { result = data() }
DataFlow::FlowLabel getFlowLabel() { result = taint() }
}
/**
* A data flow sink for unvalidated dynamic method calls.
*/
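Review bot: `getFlowLabel()` here has the same undocumented contract as its counterpart in UnsafeDynamicMethodAccess: the additional flow step in this library's Customizations file now requires `srclabel.isTaint()` on the property-name read, so a subclass returning `data()` would yield no results without any error. Extend the QLDoc to `/** Gets the flow label relevant for this source; must be `taint` for the additional flow steps to apply. */`. The class header is outside the hunk, so whether subclasses actually override this is not visible here.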


@@ -65,8 +65,6 @@ nodes
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
@@ -148,8 +146,6 @@ edges
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |


@@ -89,8 +89,6 @@ nodes
| passwords.js:123:31:123:38 | password |
| passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:127:9:132:5 | config |
| passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password |
@@ -99,7 +97,6 @@ nodes
| passwords.js:131:12:131:24 | getPassword() |
| passwords.js:135:17:135:22 | config |
| passwords.js:135:17:135:22 | config |
| passwords.js:135:17:135:22 | config |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:137:17:137:24 | config.y |
@@ -226,9 +223,6 @@ edges
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |