JS: Update some queries that used data as source

2025-12-21 11:16:30 +01:00 · 2020-03-18 11:54:40 +00:00
parent 506ddaf3f4
commit 7393844699
7 changed files with 11 additions and 21 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll
@@ -23,7 +23,7 @@ module CleartextLogging {
   * A data flow sink for clear-text logging of sensitive information.
   */
  abstract class Sink extends DataFlow::Node {
-    DataFlow::FlowLabel getLabel() { result.isDataOrTaint() }
+    DataFlow::FlowLabel getLabel() { result.isTaint() }
  }
  /**
@@ -127,7 +127,7 @@ module CleartextLogging {
    override string describe() { result = "an access to " + name }
-    override DataFlow::FlowLabel getLabel() { result.isData() }
+    override DataFlow::FlowLabel getLabel() { result.isTaint() }
  }
  /** An access to a variable or property that might contain a password. */
@@ -153,7 +153,7 @@ module CleartextLogging {
    override string describe() { result = "an access to " + name }
-    override DataFlow::FlowLabel getLabel() { result.isData() }
+    override DataFlow::FlowLabel getLabel() { result.isTaint() }
  }
  /** A call that might return a password. */
@@ -167,7 +167,7 @@ module CleartextLogging {
    override string describe() { result = "a call to " + name }
-    override DataFlow::FlowLabel getLabel() { result.isData() }
+    override DataFlow::FlowLabel getLabel() { result.isTaint() }
  }
  /** An access to the sensitive object `process.env`. */
@@ -177,7 +177,7 @@ module CleartextLogging {
    override string describe() { result = "process environment" }
    override DataFlow::FlowLabel getLabel() {
-      result.isData() or
+      result.isTaint() or
      result instanceof PartiallySensitiveMap
    }
  }
--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccess.qll
@@ -53,7 +53,7 @@ module UnsafeDynamicMethodAccess {
        hasUnsafeMethods(read.getBase().getALocalSource()) and
        src = read.getPropertyNameExpr().flow() and
        dst = read and
-        (srclabel = data() or srclabel = taint()) and
+        srclabel.isTaint() and
        dstlabel = unsafeFunction()
      )
      or
@@ -62,7 +62,7 @@ module UnsafeDynamicMethodAccess {
        not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and
        src = proj.getASelector() and
        dst = proj and
-        (srclabel = data() or srclabel = taint()) and
+        srclabel.isTaint() and
        dstlabel = unsafeFunction()
      )
    }
--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll
@@ -19,7 +19,7 @@ module UnsafeDynamicMethodAccess {
    /**
     * Gets the flow label relevant for this source.
     */
-    DataFlow::FlowLabel getFlowLabel() { result = data() }
+    DataFlow::FlowLabel getFlowLabel() { result = taint() }
  }
  /**
--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCall.qll
@@ -40,7 +40,7 @@ module UnvalidatedDynamicMethodCall {
      exists(DataFlow::PropRead read |
        src = read.getPropertyNameExpr().flow() and
        dst = read and
-        (srclabel = data() or srclabel = taint()) and
+        srclabel.isTaint() and
        (
          dstlabel instanceof MaybeNonFunction
          or
--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
@@ -19,7 +19,7 @@ module UnvalidatedDynamicMethodCall {
    /**
     * Gets the flow label relevant for this source.
     */
-    DataFlow::FlowLabel getFlowLabel() { result = data() }
+    DataFlow::FlowLabel getFlowLabel() { result = taint() }
  }
  /**
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -65,8 +65,6 @@ nodes
 | promises.js:5:44:5:57 | req.query.data |
 | promises.js:5:44:5:57 | req.query.data |
 | promises.js:6:11:6:11 | x |
 | promises.js:6:11:6:11 | x |
 | promises.js:6:25:6:25 | x |
 | promises.js:6:25:6:25 | x |
 | promises.js:6:25:6:25 | x |
 | tst2.js:6:7:6:30 | p |
@@ -148,8 +146,6 @@ edges
 | promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
 | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
 | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
 | tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -89,8 +89,6 @@ nodes
 | passwords.js:123:31:123:38 | password |
 | passwords.js:123:31:123:48 | password.valueOf() |
 | passwords.js:127:9:132:5 | config |
 | passwords.js:127:9:132:5 | config |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } |
 | passwords.js:130:12:130:19 | password |
@@ -99,7 +97,6 @@ nodes
 | passwords.js:131:12:131:24 | getPassword() |
 | passwords.js:135:17:135:22 | config |
 | passwords.js:135:17:135:22 | config |
 | passwords.js:135:17:135:22 | config |
 | passwords.js:136:17:136:24 | config.x |
 | passwords.js:136:17:136:24 | config.x |
 | passwords.js:137:17:137:24 | config.y |
@@ -226,9 +223,6 @@ edges
 | passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name +  ... lueOf() |
 | passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
 | passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
 | passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
 | passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } | passwords.js:127:9:132:5 | config |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } | passwords.js:127:9:132:5 | config |
 | passwords.js:127:18:132:5 | {\\n      ... )\\n    } | passwords.js:127:9:132:5 | config |
 | passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n      ... )\\n    } |