diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
index fcc90abb618..3bc77a53548 100644
--- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -16,6 +16,7 @@
 import javascript
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
index 0f000d32741..2cb33c1ebdb 100644
--- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -14,6 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
 where cfg.hasFlow(source, sink) and
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
index 16a6819773d..e5879a6301f 100644
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -13,8 +13,9 @@
 import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
- source, "user-provided value"
\ No newline at end of file
+ source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql
index affb40e2771..cde3fb7ba72 100644
--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
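Review bot: The added `import DataFlow::PathGraph` in TaintedPath.ql does not by itself give the alert a source-to-sink path, because the context lines of the hunk still bind `DataFlow::Node source, DataFlow::Node sink` and call `cfg.hasFlow(source, sink)`. For path explanations the query would also need `@kind path-problem` in its metadata, `DataFlow::PathNode` endpoints with `cfg.hasFlowPath(source, sink)`, and a select of the form `select sink.getNode(), source, sink, ...`. The metadata block lies outside every hunk and most select clauses are not shown, so this may be intended as a preparatory step; if so, the commit description should say that the conversion follows separately. The same point applies to the other query files touched in this diff, all of which show the same `DataFlow::Node` / `hasFlow` pattern (or a helper predicate) after the new import.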
@@ -13,8 +13,9 @@
 import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Stored cross-site scripting vulnerability due to $@.",
- source, "stored value"
\ No newline at end of file
+ source, "stored value"
diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql
index 368ff84b340..26c21f580aa 100644
--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
index 2e1847efd0c..73f836adaa2 100644
--- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
+import DataFlow::PathGraph
 from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where (cfg instanceof SqlInjection::Configuration or
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
index 1ee6d4fff6a..1b02623d0c7 100644
--- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -14,7 +14,8 @@
 import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
\ No newline at end of file
+select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
index 98e0f10dd02..c1bc1dd0dbf 100644
--- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -11,6 +11,7 @@
 import javascript
 import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
index 2ff9d648c71..649b09a447b 100644
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -10,6 +10,7 @@
 import javascript
 import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow (source, sink)
diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
index ffbfcb2e381..29acb9f36fe 100644
--- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -13,8 +13,9 @@
 import javascript
 import semmle.javascript.security.dataflow.StackTraceExposure::StackTraceExposure
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Stack trace information from $@ may be exposed to an external user here.",
- source, "here"
\ No newline at end of file
+ source, "here"
diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
index e31e6c30567..f1bcf19faf9 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -14,6 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.CleartextLogging::CleartextLogging
+import DataFlow::PathGraph
 /**
 * Holds if `tl` is used in a browser environment.
diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
index 32d64d79da3..76545de3b20 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -14,6 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.CleartextStorage::CleartextStorage
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
index 192857c520e..18f712f1528 100644
--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm::BrokenCryptoAlgorithm
 import semmle.javascript.security.SensitiveActions
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink) and
diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
index 58ef6368052..b415acb3a92 100644
--- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -12,7 +12,8 @@
 */
 import javascript
 import semmle.javascript.security.dataflow.InsecureRandomness::InsecureRandomness
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "Cryptographically insecure $@ in a security context.", source, "random value"
\ No newline at end of file
+select sink, "Cryptographically insecure $@ in a security context.", source, "random value"
diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
index a8020f6741f..9b18c2bf239 100644
--- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentials::CorsMisconfigurationForCredentials
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
index be405ebadaf..78d3cb7d938 100644
--- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
@@ -14,9 +14,9 @@
 import javascript
 import semmle.javascript.security.dataflow.RemotePropertyInjection::RemotePropertyInjection
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "A $@ is used as" + sink.(Sink).getMessage(), source, "user-provided value"
-
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
index 5f40f53aeb0..2d5e30c74f4 100644
--- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
index 7ac823dd2d2..8272abab0f0 100644
--- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
@@ -14,7 +14,8 @@
 import javascript
 import semmle.javascript.security.dataflow.ClientSideUrlRedirect::ClientSideUrlRedirect
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
\ No newline at end of file
+select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
index 7bf1e8e37fd..42cdddc46de 100644
--- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ServerSideUrlRedirect::ServerSideUrlRedirect
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql
index c95fce7b0ee..5ebbf33a1a9 100644
--- a/javascript/ql/src/Security/CWE-611/Xxe.ql
+++ b/javascript/ql/src/Security/CWE-611/Xxe.ql
@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.Xxe::Xxe
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
index 656ed2e9dbe..4af6c22cd70 100644
--- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGeneration::HostHeaderPoisoningInEmailGeneration
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
index a083c9d6ca8..904c8149ab3 100644
--- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql
+++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.XpathInjection::XpathInjection
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
index c6ba972aa8a..57127778cd6 100644
--- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
@@ -14,6 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.RegExpInjection::RegExpInjection
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
index 7c254249a1c..a0c9020a5f4 100644
--- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.XmlBomb::XmlBomb
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
index e61f42b9686..3d21115fd07 100644
--- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -14,6 +14,7 @@
 import javascript
 private import semmle.javascript.security.dataflow.HardcodedCredentials::HardcodedCredentials
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string value
 where cfg.hasFlow(source, sink) and
diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
index 454621a7e03..105cb2d0d35 100644
--- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
+++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
@@ -12,6 +12,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ConditionalBypass::ConditionalBypass
+import DataFlow::PathGraph
 /**
 * Holds if the value of `nd` flows into `guard`.
diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
index 420c3141899..f9403c65238 100644
--- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
@@ -11,7 +11,8 @@
 import javascript
 import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTampering::TypeConfusionThroughParameterTampering
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "Potential type confusion for $@.", source, "HTTP request parameter"
\ No newline at end of file
+select sink, "Potential type confusion for $@.", source, "HTTP request parameter"
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
index 6cb12582601..1eb21eb7c76 100644
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -10,6 +10,7 @@
 import javascript
 import semmle.javascript.security.dataflow.HttpToFileAccess::HttpToFileAccess
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
index ad7e3c77dd2..b209a6c5831 100644
--- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
@@ -11,6 +11,7 @@
 import javascript
 import semmle.javascript.security.dataflow.InsufficientPasswordHash::InsufficientPasswordHash
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
index 29c07985e83..81d6e83a32e 100644
--- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
@@ -11,6 +11,7 @@
 import javascript
 import semmle.javascript.security.dataflow.RequestForgery::RequestForgery
+import DataFlow::PathGraph
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node request
 where cfg.hasFlow(source, sink) and