add a taint step through the ansi-to-html library

2026-04-28 18:25:24 +02:00 · 2021-07-15 14:04:16 +02:00
parent 8ccdd4fb9f
commit ae2fc7171b
5 changed files with 61 additions and 0 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
@@ -337,3 +337,17 @@ class StripAnsiStep extends TaintTracking::SharedTaintStep {
    )
  }
 }
+
+/**
+ * A step through the [`ansi-to-html`](https://npmjs.org/package/ansi-to-html) library.
+ */
+class AnsiToHtmlStep extends TaintTracking::SharedTaintStep {
+  override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(API::CallNode call |
+      call = API::moduleImport("ansi-to-html").getInstance().getMember("toHtml").getACall()
+    |
+      pred = call.getArgument(0) and
+      succ = call
+    )
+  }
+}