JS: Do not extend AdditionalTaintStep in the ldap library

2026-04-30 11:15:13 +02:00 · 2020-10-20 09:07:12 +01:00
parent a92a701c35
commit 78c85775e3
2 changed files with 9 additions and 13 deletions
--- a/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qll
+++ b/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qll
@@ -14,5 +14,12 @@ module LdapInjection {
    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+
+    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(LdapjsParseFilter filter |
+        pred = filter.getArgument(0) and
+        succ = filter
+      )
+    }
  }
 }
--- a/javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
+++ b/javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
@@ -5,9 +5,10 @@
 */

 import javascript
-import Ldapjs::Ldapjs

 module LdapInjection {
+  import Ldapjs::Ldapjs
+
  /**
   * A data flow source for LDAP injection vulnerabilities.
   */
@@ -70,16 +71,4 @@ module LdapInjection {
      )
    }
  }
-
-  /**
-   * A step through the parseFilter API (https://github.com/ldapjs/node-ldapjs/issues/181).
-   */
-  class StepThroughParseFilter extends TaintTracking::AdditionalTaintStep, DataFlow::CallNode {
-    StepThroughParseFilter() { this instanceof LdapjsParseFilter }
-
-    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      pred = this.getArgument(0) and
-      succ = this
-    }
-  }
 }