mirror of
https://github.com/github/codeql.git
synced 2026-03-22 07:26:45 +01:00
JavaScript: Add import DataFlow::PathGraph.
This commit is contained in:
Max Schaefer
@@ -16,6 +16,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
|
||||
where cfg.hasFlow(source, sink) and
|
||||
|
||||
@@ -13,8 +13,9 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Cross-site scripting vulnerability due to $@.",
|
||||
source, "user-provided value"
|
||||
source, "user-provided value"
|
||||
|
||||
@@ -13,8 +13,9 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.StoredXss::StoredXss
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Stored cross-site scripting vulnerability due to $@.",
|
||||
source, "stored value"
|
||||
source, "stored value"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.SqlInjection
|
||||
import semmle.javascript.security.dataflow.NosqlInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where (cfg instanceof SqlInjection::Configuration or
|
||||
|
||||
@@ -14,7 +14,8 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
|
||||
select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow (source, sink)
|
||||
|
||||
@@ -13,8 +13,9 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.StackTraceExposure::StackTraceExposure
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Stack trace information from $@ may be exposed to an external user here.",
|
||||
source, "here"
|
||||
source, "here"
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.CleartextLogging::CleartextLogging
|
||||
import DataFlow::PathGraph
|
||||
|
||||
/**
|
||||
* Holds if `tl` is used in a browser environment.
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.CleartextStorage::CleartextStorage
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm::BrokenCryptoAlgorithm
|
||||
import semmle.javascript.security.SensitiveActions
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink) and
|
||||
|
||||
@@ -12,7 +12,8 @@
|
||||
*/
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.InsecureRandomness::InsecureRandomness
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Cryptographically insecure $@ in a security context.", source, "random value"
|
||||
select sink, "Cryptographically insecure $@ in a security context.", source, "random value"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentials::CorsMisconfigurationForCredentials
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -14,9 +14,9 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.RemotePropertyInjection::RemotePropertyInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "A $@ is used as" + sink.(Sink).getMessage(),
|
||||
source, "user-provided value"
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -14,7 +14,8 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.ClientSideUrlRedirect::ClientSideUrlRedirect
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
|
||||
select sink, "Untrusted URL redirection due to $@.", source, "user-provided value"
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.ServerSideUrlRedirect::ServerSideUrlRedirect
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.Xxe::Xxe
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGeneration::HostHeaderPoisoningInEmailGeneration
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.XpathInjection::XpathInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.RegExpInjection::RegExpInjection
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.XmlBomb::XmlBomb
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import javascript
|
||||
private import semmle.javascript.security.dataflow.HardcodedCredentials::HardcodedCredentials
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string value
|
||||
where cfg.hasFlow(source, sink) and
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.ConditionalBypass::ConditionalBypass
|
||||
import DataFlow::PathGraph
|
||||
|
||||
/**
|
||||
* Holds if the value of `nd` flows into `guard`.
|
||||
|
||||
@@ -11,7 +11,8 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTampering::TypeConfusionThroughParameterTampering
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
select sink, "Potential type confusion for $@.", source, "HTTP request parameter"
|
||||
select sink, "Potential type confusion for $@.", source, "HTTP request parameter"
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.HttpToFileAccess::HttpToFileAccess
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.InsufficientPasswordHash::InsufficientPasswordHash
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
||||
where cfg.hasFlow(source, sink)
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.RequestForgery::RequestForgery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node request
|
||||
where cfg.hasFlow(source, sink) and
|
||||
|
||||
Reference in New Issue
Block a user