hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

unsecure -> insecure

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-06-12 11:02:26 +02:00
parent 57d2226080
commit 908edb39b9
9 changed files with 56 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
javascript/ql/src/Security/CWE-829/UnsecureDownload.qhelp → javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp
View File

8
javascript/ql/src/Security/CWE-829/UnsecureDownload.ql → javascript/ql/src/Security/CWE-829/InsecureDownload.ql
View File

@@ -1,17 +1,17 @@
/**
* @name Download of sensitive file through unsecure connection
* @description Downloading executables and other sensitive files over an unsecure connection
* @name Download of sensitive file through insecure connection
* @description Downloading executables and other sensitive files over an insecure connection
* opens up for potential man-in-the-middle attacks.
* @kind path-problem
* @problem.severity error
* @precision high
* @id js/unsecure-download
* @id js/insecure-download
* @tags security
* external/cwe/cwe-829
*/
import javascript
import semmle.javascript.security.dataflow.UnsecureDownload::UnsecureDownload
import semmle.javascript.security.dataflow.InsecureDownload::InsecureDownload
import DataFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink

12
javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownload.qll → javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownload.qll
View File

@@ -1,18 +1,18 @@
/**
* Provides a taint tracking configuration for reasoning about download of sensitive file through unsecure connection.
* Provides a taint tracking configuration for reasoning about download of sensitive file through insecure connection.
*
* Note, for performance reasons: only import this file if
* `UnsecureDownload::Configuration` is needed, otherwise
* `UnsecureDownloadCustomizations` should be imported instead.
* `InsecureDownload::Configuration` is needed, otherwise
* `InsecureDownloadCustomizations` should be imported instead.
*/
import javascript
module UnsecureDownload {
import UnsecureDownloadCustomizations::UnsecureDownload
module InsecureDownload {
import InsecureDownloadCustomizations::InsecureDownload
/**
* A taint tracking configuration for download of sensitive file through unsecure connection.
* A taint tracking configuration for download of sensitive file through insecure connection.
*/
class Configuration extends DataFlow::Configuration {
Configuration() { this = "HTTP/HTTPS" }

14
javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownloadCustomizations.qll → javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll
View File

@@ -1,19 +1,19 @@
/**
* Provides default sources, sinks and sanitizers for reasoning about
* download of sensitive file through unsecure connection, as well as
* download of sensitive file through insecure connection, as well as
* extension points for adding your own.
*/
import javascript
module UnsecureDownload {
module InsecureDownload {
/**
* A data flow source for download of sensitive file through unsecure connection.
* A data flow source for download of sensitive file through insecure connection.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for download of sensitive file through unsecure connection.
* A data flow sink for download of sensitive file through insecure connection.
*/
abstract class Sink extends DataFlow::Node {
/**
@@ -23,13 +23,13 @@ module UnsecureDownload {
}
/**
* A sanitizer for download of sensitive file through unsecure connection.
* A sanitizer for download of sensitive file through insecure connection.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A HTTP or FTP URL that refers to a file with a sensitive file extension,
* seen as a source for download of sensitive file through unsecure connection.
* seen as a source for download of sensitive file through insecure connection.
*/
class SensitiveFileUrl extends Source {
SensitiveFileUrl() {
@@ -55,7 +55,7 @@ module UnsecureDownload {
/**
* A url downloaded by a client-request, seen as a sink for download of
* sensitive file through unsecure connection.a
* sensitive file through insecure connection.a
*/
class ClientRequestURL extends Sink {
ClientRequest request;

38
javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected Normal file
View File

@@ -0,0 +1,38 @@
nodes
| insecure-download.js:5:16:5:28 | installer.url |
| insecure-download.js:5:16:5:28 | installer.url |
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| insecure-download.js:36:9:36:45 | url |
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
| insecure-download.js:37:23:37:25 | url |
| insecure-download.js:37:23:37:25 | url |
| insecure-download.js:39:26:39:28 | url |
| insecure-download.js:39:26:39:28 | url |
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
edges
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url |
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url |
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url |
| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url |
| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url |
| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url |
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url |
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url |
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
#select
| insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source |
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source |
| insecure-download.js:37:23:37:25 | url | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:37:23:37:25 | url | $@ of sensitive file from $@. | insecure-download.js:37:5:37:42 | cp.exec ... () {}) | Download | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
| insecure-download.js:39:26:39:28 | url | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:39:26:39:28 | url | $@ of sensitive file from $@. | insecure-download.js:39:5:39:46 | cp.exec ... () {}) | Download | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:41:5:41:42 | nugget( ... e.APK") | Download | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | HTTP source |

1
javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-829/InsecureDownload.ql

33
javascript/ql/test/query-tests/Security/CWE-829/UnsecureDownload.expected
View File

@@ -1,33 +0,0 @@
nodes
| unsecure-download.js:5:16:5:28 | installer.url |
| unsecure-download.js:5:16:5:28 | installer.url |
| unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
| unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
| unsecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| unsecure-download.js:36:9:36:45 | url |
| unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
| unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
| unsecure-download.js:37:23:37:25 | url |
| unsecure-download.js:37:23:37:25 | url |
| unsecure-download.js:39:26:39:28 | url |
| unsecure-download.js:39:26:39:28 | url |
edges
| unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | unsecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | unsecure-download.js:15:18:15:40 | buildTo ... llerUrl |
| unsecure-download.js:15:18:15:40 | buildTo ... llerUrl | unsecure-download.js:5:16:5:28 | installer.url |
| unsecure-download.js:15:18:15:40 | buildTo ... llerUrl | unsecure-download.js:5:16:5:28 | installer.url |
| unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
| unsecure-download.js:36:9:36:45 | url | unsecure-download.js:37:23:37:25 | url |
| unsecure-download.js:36:9:36:45 | url | unsecure-download.js:37:23:37:25 | url |
| unsecure-download.js:36:9:36:45 | url | unsecure-download.js:39:26:39:28 | url |
| unsecure-download.js:36:9:36:45 | url | unsecure-download.js:39:26:39:28 | url |
| unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | unsecure-download.js:36:9:36:45 | url |
| unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | unsecure-download.js:36:9:36:45 | url |
#select
| unsecure-download.js:5:16:5:28 | installer.url | unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | unsecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | unsecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | unsecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source |
| unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | unsecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | unsecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source |
| unsecure-download.js:37:23:37:25 | url | unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | unsecure-download.js:37:23:37:25 | url | $@ of sensitive file from $@. | unsecure-download.js:37:5:37:42 | cp.exec ... () {}) | Download | unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
| unsecure-download.js:39:26:39:28 | url | unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | unsecure-download.js:39:26:39:28 | url | $@ of sensitive file from $@. | unsecure-download.js:39:5:39:46 | cp.exec ... () {}) | Download | unsecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |

1
javascript/ql/test/query-tests/Security/CWE-829/UnsecureDownload.qlref
View File

@@ -1 +0,0 @@
Security/CWE-829/UnsecureDownload.ql

0
javascript/ql/test/query-tests/Security/CWE-829/unsecure-download.js → javascript/ql/test/query-tests/Security/CWE-829/insecure-download.js
View File