only activate the PrefixString label in Query.qll files

2026-05-02 04:05:14 +02:00 · 2022-04-20 11:59:56 +02:00
parent 8a5b1668f9
commit b1bad271d5
5 changed files with 17 additions and 1 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssATM.qll
@@ -116,6 +116,10 @@ private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGua
  PrefixStringSanitizerActivated() { this = this }
 }

+private class PrefixStringActivated extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixStringActivated() { this = this }
+}
+
 private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
  QuoteGuard() { this = this }
 }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
@@ -322,7 +322,7 @@ module DomBasedXss {
  /**
   * A flow-label representing tainted values where the prefix is attacker controlled.
   */
-  class PrefixString extends DataFlow::FlowLabel {
+  abstract class PrefixString extends DataFlow::FlowLabel {
    PrefixString() { this = "PrefixString" }
  }

--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
@@ -132,6 +132,10 @@ private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGua
  PrefixStringSanitizerActivated() { this = this }
 }

+private class PrefixStringActivated extends DataFlow::FlowLabel, PrefixString {
+  PrefixStringActivated() { this = this }
+}
+
 private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
  QuoteGuard() { this = this }
 }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
@@ -54,6 +54,10 @@ private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode,
  PrefixStringSanitizer() { this = this }
 }

+private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixString() { this = this }
+}
+
 private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
  QuoteGuard() { this = this }
 }
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll
@@ -59,6 +59,10 @@ private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode,
  PrefixStringSanitizer() { this = this }
 }

+private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixString() { this = this }
+}
+
 private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
  QuoteGuard() { this = this }
 }