hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update some queries that used data as source

Browse Source
This commit is contained in:
Asger Feldthaus
2020-03-18 11:54:40 +00:00
parent 506ddaf3f4
commit 7393844699
7 changed files with 11 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll
View File

@@ -23,7 +23,7 @@ module CleartextLogging {
* A data flow sink for clear-text logging of sensitive information.
*/
abstract class Sink extends DataFlow::Node {
DataFlow::FlowLabel getLabel() { result.isDataOrTaint() }
DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/**
@@ -127,7 +127,7 @@ module CleartextLogging {
override string describe() { result = "an access to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** An access to a variable or property that might contain a password. */
@@ -153,7 +153,7 @@ module CleartextLogging {
override string describe() { result = "an access to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** A call that might return a password. */
@@ -167,7 +167,7 @@ module CleartextLogging {
override string describe() { result = "a call to " + name }
override DataFlow::FlowLabel getLabel() { result.isData() }
override DataFlow::FlowLabel getLabel() { result.isTaint() }
}
/** An access to the sensitive object `process.env`. */
@@ -177,7 +177,7 @@ module CleartextLogging {
override string describe() { result = "process environment" }
override DataFlow::FlowLabel getLabel() {
result.isData() or
result.isTaint() or
result instanceof PartiallySensitiveMap
}
}

4
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll
View File

@@ -53,7 +53,7 @@ module UnsafeDynamicMethodAccess {
hasUnsafeMethods(read.getBase().getALocalSource()) and
src = read.getPropertyNameExpr().flow() and
dst = read and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
dstlabel = unsafeFunction()
)
or
@@ -62,7 +62,7 @@ module UnsafeDynamicMethodAccess {
not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and
src = proj.getASelector() and
dst = proj and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
dstlabel = unsafeFunction()
)
}

2
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
View File

@@ -19,7 +19,7 @@ module UnsafeDynamicMethodAccess {
/**
* Gets the flow label relevant for this source.
*/
DataFlow::FlowLabel getFlowLabel() { result = data() }
DataFlow::FlowLabel getFlowLabel() { result = taint() }
}
/**

2
javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
View File

@@ -40,7 +40,7 @@ module UnvalidatedDynamicMethodCall {
exists(DataFlow::PropRead read |
src = read.getPropertyNameExpr().flow() and
dst = read and
(srclabel = data() or srclabel = taint()) and
srclabel.isTaint() and
(
dstlabel instanceof MaybeNonFunction
or

4
javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
View File

@@ -19,9 +19,9 @@ module UnvalidatedDynamicMethodCall {
/**
* Gets the flow label relevant for this source.
*/
DataFlow::FlowLabel getFlowLabel() { result = data() }
DataFlow::FlowLabel getFlowLabel() { result = taint() }
}
/**
* A data flow sink for unvalidated dynamic method calls.
*/