hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add missing docs

Browse Source
This commit is contained in:
Slavomir
2021-03-11 17:23:07 +01:00
committed by Chris Smowton
parent e2b7c035ad
commit 8f124f8395
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
View File

@@ -49,11 +49,14 @@ class FlowConfFromUntrustedToPassthroughTypeConversion extends TaintTracking::Co
this = "UntrustedToConversion" + dstTypeName
}
/**
* Gets the name of conversion's destination type.
*/
string getDstTypeName() { result = dstTypeName }
override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
predicate isSinkToPassthroughType(DataFlow::TypeCastNode sink, string name) {
private predicate isSinkToPassthroughType(DataFlow::TypeCastNode sink, string name) {
exists(Type typ |
typ = sink.getResultType() and
typ.getUnderlyingType*().hasQualifiedName("html/template", name) and
@@ -90,16 +93,19 @@ class FlowConfPassthroughTypeConversionToTemplateExecutionCall extends TaintTrac
FlowConfPassthroughTypeConversionToTemplateExecutionCall() {
dstTypeName instanceof PassthroughTypeName and
this = "UnsafeConversionToExec" + dstTypeName
this = "ConversionToExec" + dstTypeName
}
/**
* Gets the name of conversion's destination type.
*/
string getDstTypeName() { result = dstTypeName }
override predicate isSource(DataFlow::Node source) {
isSourceConversionToPassthroughType(source, _)
}
predicate isSourceConversionToPassthroughType(DataFlow::TypeCastNode source, string name) {
private predicate isSourceConversionToPassthroughType(DataFlow::TypeCastNode source, string name) {
exists(Type typ |
typ = source.getResultType() and
typ.getUnderlyingType*().hasQualifiedName("html/template", name) and