hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Restrict default sink flow labels to StandardFlowLabel.

Browse Source
This commit is contained in:
Max Schaefer
2018-09-26 08:35:11 +01:00
parent 5727b2a5f4
commit a8a8754c89
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
View File

@@ -220,11 +220,14 @@ abstract class FlowLabel extends string {
bindingset[this] FlowLabel() { any() }
}
module FlowLabel {
private class StandardFlowLabel extends FlowLabel {
StandardFlowLabel() { this = "data" or this = "taint" }
}
/**
* A standard flow label, that is, either `FlowLabel::data()` or `FlowLabel::taint()`.
*/
private class StandardFlowLabel extends FlowLabel {
StandardFlowLabel() { this = "data" or this = "taint" }
}
module FlowLabel {
/**
* Gets the standard flow label for describing values that directly originate from a flow source.
*/
@@ -467,7 +470,7 @@ private predicate isSource(DataFlow::Node nd, DataFlow::Configuration cfg, FlowL
*/
private predicate isSink(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLabel lbl) {
(cfg.isSink(nd) or nd.(AdditionalSink).isSinkFor(cfg)) and
lbl = any(FlowLabel f)
lbl = any(StandardFlowLabel f)
or
cfg.isSink(nd, lbl)
}