JS: Replace ClearTextLogging::isSanitizerEdge with a node

2026-04-26 09:15:12 +02:00 · 2023-07-11 13:05:45 +02:00
parent 68584e549e
commit 944a2ca825
4 changed files with 22 additions and 9 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll
@@ -27,10 +27,6 @@ class Configuration extends TaintTracking::Configuration {

  override predicate isSanitizer(DataFlow::Node node) { node instanceof CleartextLogging::Barrier }

-  override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
-    CleartextLogging::isSanitizerEdge(pred, succ)
-  }
-
  override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) {
    CleartextLogging::isAdditionalTaintStep(src, trg)
  }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll
@@ -175,12 +175,24 @@ module CleartextLogging {
  }

  /**
+   * DEPRECATED. Use `Barrier` instead, sanitized have been replaced by sanitized nodes.
+   *
   * Holds if the edge `pred` -> `succ` should be sanitized for clear-text logging of sensitive information.
   */
-  predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
+  deprecated predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
    succ.(DataFlow::PropRead).getBase() = pred
  }

+  private class PropReadAsBarrier extends Barrier {
+    PropReadAsBarrier() {
+      this = any(DataFlow::PropRead read).getBase() and
+      // the 'foo' in 'foo.bar()' may have flow, we only want to suppress plain property reads
+      not this = any(DataFlow::MethodCallNode call).getReceiver() and
+      // do not block custom taint steps from this node
+      not isAdditionalTaintStep(this, _)
+    }
+  }
+
  /**
   * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information.
   */
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll
@@ -33,10 +33,6 @@ class Configuration extends TaintTracking::Configuration {

  override predicate isSanitizer(DataFlow::Node node) { node instanceof Barrier }

-  override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
-    CleartextLogging::isSanitizerEdge(pred, succ)
-  }
-
  override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) {
    CleartextLogging::isAdditionalTaintStep(src, trg)
  }