hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Make XssSink extensible.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-08-11 13:09:27 +02:00
parent 0476b97f63
commit 99c9524639
4 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Security/CWE/CWE-079/XSS.ql
View File

@@ -12,11 +12,10 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.XSS
import DataFlow2::PathGraph
import DataFlow::PathGraph
class XSSConfig extends TaintTracking2::Configuration {
class XSSConfig extends TaintTracking::Configuration {
XSSConfig() { this = "XSSConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
@@ -28,7 +27,7 @@ class XSSConfig extends TaintTracking2::Configuration {
}
}
from DataFlow2::PathNode source, DataFlow2::PathNode sink, XSSConfig conf
from DataFlow::PathNode source, DataFlow::PathNode sink, XSSConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
source.getNode(), "user-provided value"

7
java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
View File

@@ -12,11 +12,10 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.XSS
import DataFlow2::PathGraph
import DataFlow::PathGraph
class XSSLocalConfig extends TaintTracking2::Configuration {
class XSSLocalConfig extends TaintTracking::Configuration {
XSSLocalConfig() { this = "XSSLocalConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
@@ -24,7 +23,7 @@ class XSSLocalConfig extends TaintTracking2::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
}
from DataFlow2::PathNode source, DataFlow2::PathNode sink, XSSLocalConfig conf
from DataFlow::PathNode source, DataFlow::PathNode sink, XSSLocalConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
source.getNode(), "user-provided value"

6
java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
View File

@@ -14,7 +14,7 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.XSS
/**
@@ -84,7 +84,7 @@ predicate stackTraceExpr(Expr exception, MethodAccess stackTraceString) {
)
}
class StackTraceStringToXssSinkFlowConfig extends TaintTracking2::Configuration {
class StackTraceStringToXssSinkFlowConfig extends TaintTracking::Configuration {
StackTraceStringToXssSinkFlowConfig() {
this = "StackTraceExposure::StackTraceStringToXssSinkFlowConfig"
}
@@ -124,7 +124,7 @@ class GetMessageFlowSource extends MethodAccess {
}
}
class GetMessageFlowSourceToXssSinkFlowConfig extends TaintTracking2::Configuration {
class GetMessageFlowSourceToXssSinkFlowConfig extends TaintTracking::Configuration {
GetMessageFlowSourceToXssSinkFlowConfig() {
this = "StackTraceExposure::GetMessageFlowSourceToXssSinkFlowConfig"
}