hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

use some Sanitizer classes that were unused in the query code

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-03-13 23:25:33 +01:00
parent 5c04516179
commit 9cf0a94e4d
6 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll
View File

@@ -26,6 +26,11 @@ class Configuration extends TaintTracking::Configuration {
guard instanceof TaintedObject::SanitizerGuard
}
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate isAdditionalFlowStep(
DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
) {

5
javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll
View File

@@ -19,6 +19,11 @@ class Configuration extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isBarrier(DataFlow::Node node) {
super.isBarrier(node) or
node instanceof Sanitizer
}
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput())
or

5
javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
View File

@@ -31,4 +31,9 @@ class Configuration extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
sink.(Sink).getALabel() = label
}
override predicate isBarrier(DataFlow::Node node) {
super.isBarrier(node) or
node instanceof Sanitizer
}
}

2
javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll
View File

@@ -34,6 +34,8 @@ module UnvalidatedDynamicMethodCall {
/**
* A sanitizer for unvalidated dynamic method calls.
* Override the `sanitizes` predicate to specify an edge that should be sanitized.
* The `this` value is not seen as a sanitizer.
*/
abstract class Sanitizer extends DataFlow::Node {
abstract predicate sanitizes(DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl);

6
javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll
View File

@@ -38,7 +38,11 @@ class Configuration extends TaintTracking::Configuration {
sink.(Sink).getFlowLabel() = label
}
override predicate isSanitizer(DataFlow::Node nd) { super.isSanitizer(nd) }
override predicate isSanitizerEdge(
DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel lbl
) {
any(Sanitizer s).sanitizes(pred, succ, lbl)
}
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
guard instanceof NumberGuard or

5
javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
View File

@@ -23,6 +23,11 @@ module ResourceExhaustion {
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) {
isNumericFlowStep(src, dst)
or