JS: polish HttpToFileAccess.ql

Esben Sparre Andreasen
2018-10-05 12:25:07 +02:00
parent d261915598
commit b00aa36cdc
2 changed files with 7 additions and 7 deletions


@@ -1,6 +1,6 @@
/**
* @name Http response data flows to File Access
* @description Writing data from an HTTP request directly to the file system allows arbitrary file upload and might indicate a backdoor.
* @name User-controlled data in file
* @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
* @kind problem
* @problem.severity warning
* @id js/http-to-file-access
@@ -11,6 +11,6 @@
import javascript
import semmle.javascript.security.dataflow.HttpToFileAccess
from HttpToFileAccessFlow::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
from HttpToFileAccess::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
where configuration.hasFlow(src, sink)
select sink, "$@ flows to file system", src, "Untrusted data received from Http response"
select sink, "$@ flows to file system", src, "Untrusted data"
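Review bot: The new alert text on the `select` line shortens the source label to `"Untrusted data"`, which drops the one detail a triager needs to judge the finding: where the data entered the program. The `@id` is still `js/http-to-file-access` and the imported library is still `HttpToFileAccess`, so the sources are presumably still HTTP-derived; the configuration itself is defined outside this section, so this is inferred. If so, "user-controlled" in `@name` and `@description` over-generalises, and a label such as `"untrusted data received over HTTP"` would keep the alert self-explanatory. If the source set really was widened, one sentence in the QLDoc header naming the source kinds that count as user-controlled would make the query's scope clear to people tuning or suppressing it.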