Abstract additional taint step

Remco Vermeulen
2020-08-17 10:41:27 +02:00
parent 518459c0f7
commit 8db5c4f2e2
2 changed files with 18 additions and 0 deletions


@@ -23,6 +23,10 @@ class XSSConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(XssAdditionalTaintStep s).step(node1, node2)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, XSSConfig conf
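Review bot: Nothing in this commit exercises the new `isAdditionalTaintStep` override. The diffstat lists two files, both shown here, and neither adds a concrete `XssAdditionalTaintStep` subclass or a test, so the predicate presumably holds for no node pair yet. A query test that declares a small subclass and expects the extra path would pin the wiring between the library class and this configuration. A short comment above the override would also help, for example `// Steps contributed by XssAdditionalTaintStep subclasses; each one widens what this query reports.` The body of `XSSConfig` starts outside the hunk.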


@@ -14,6 +14,20 @@ abstract class XssSink extends DataFlow::Node { }
abstract class XssSanitizer extends DataFlow::Node { }
/**
* A unit class for adding additional taint steps.
*
* Extend this class to add additional taint steps that should apply to the XSS
* taint configuration.
*/
abstract class XssAdditionalTaintStep extends TaintTracking2::Unit {
/**
* Holds if the step from `node1` to `node2` should be considered a taint
* step for all configurations.
*/
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
}
private class DefaultXssSink extends XssSink {
DefaultXssSink() {
exists(HttpServletResponseSendErrorMethod m, MethodAccess ma |
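Review bot: The QLDoc on `step` says the step is considered "for all configurations", but the class comment just above it scopes the class to the XSS taint configuration, and the only consumer visible in this commit is `XSSConfig.isAdditionalTaintStep`. The sentence reads as if it was carried over from a general-purpose taint-step class, and it could lead someone to add a step here expecting it to affect other queries. I would reword it to `* Holds if the step from node1 to node2 should be considered a taint step for the XSS taint configuration.` The `TaintTracking2::` qualifier on `Unit` may also deserve a brief comment, since the consuming configuration extends `TaintTracking::Configuration`. `XssAdditionalTaintStep` lies fully inside the hunk; `DefaultXssSink` continues past it.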