treat Base64 manipulations as non-sinks

Esben Sparre Andreasen
2021-12-10 12:37:44 +01:00
parent b49ca6a24c
commit a1ee900f50
2 changed files with 11 additions and 1 deletions


@@ -205,4 +205,7 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
exists(DataFlow::FunctionNode f | call = f.getLastParameter().getACall()) and
reason instanceof NextFunctionCallReason
)
or
(exists(Base64::Decode d | n = d.getInput()) or exists(Base64::Encode d | n = d.getInput())) and
reason instanceof Base64ManipulationReason
}
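Review bot: The new disjunct in `isOtherModeledArgument` has no comment saying why a Base64 input is never a sink. The rationale matters because the predicate, as far as its visible signature shows, takes no query parameter, so the endpoint is dropped as a candidate for every query. I would add above it something like `// Base64 encode/decode only re-encodes the value; the argument is not itself a sink, and the data should still be tracked to the result`. It is also worth confirming that flow through `Base64::Encode`/`Base64::Decode` is modelled as a taint step elsewhere, so that excluding the input here does not hide a downstream sink. Smaller point: the second quantifier binds a `Base64::Encode` to a variable named `d`, and `exists(Base64::Encode e | n = e.getInput())` reads more clearly; the predicate begins above the hunk, so any existing header comment is not visible here.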


@@ -29,7 +29,8 @@ newtype TFilteringReason =
TArgumentToArrayReason() or
TArgumentToBuiltinGlobalVarRefReason() or
TConstantReceiverReason() or
TBuiltinCallNameReason()
TBuiltinCallNameReason() or
TBase64ManipulationReason()
/** A reason why a particular endpoint was filtered out by the endpoint filters. */
abstract class FilteringReason extends TFilteringReason {
@@ -194,3 +195,9 @@ class BuiltinCallNameReason extends NotASinkReason, TBuiltinCallNameReason {
override int getEncoding() { result = 27 }
}
class Base64ManipulationReason extends NotASinkReason, TBase64ManipulationReason {
override string getDescription() { result = "Base64Manipulation" }
override int getEncoding() { result = 28 }
}
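Review bot: `Base64ManipulationReason.getEncoding()` returns a hand-picked `28`, and nothing in the visible hunks guarantees that the value is unused by another `FilteringReason` or that it stays stable over time. If these encodings are consumed outside the library (for example in exported endpoint data, which I am only inferring from the method name), a collision or later renumbering would silently mislabel filtered endpoints. I would add a comment on the class such as `// Encoding 28: must be unique among all FilteringReason subclasses and never reused`, plus a QLDoc line, `/** The endpoint is the input of a Base64 encoding or decoding operation. */`. The other reason classes lie mostly outside the hunks, so whether they already follow such a convention is not visible here.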