hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve comments and naming.

Browse Source
This commit is contained in:
Slavomir
2021-03-09 00:01:33 +01:00
committed by Chris Smowton
parent d5355eb6b4
commit b42d21f740
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
View File

@@ -146,19 +146,19 @@ predicate flowsFromUntrustedToExec(DataFlow::PathNode untrusted, DataFlow::PathN
}
from
DataFlow::PathNode untrustedSource, DataFlow::PathNode tplExecCall, string targetTypeName,
DataFlow::PathNode conversionSink
DataFlow::PathNode untrustedSource, DataFlow::PathNode templateExecCall, string targetTypeName,
DataFlow::PathNode conversion
where
// A = remoteflowsource
// A = untrusted remote flow source
// B = conversion to PassthroughType
// C = template execution
// C = template execution call
// Flows:
// A -> B
flowsFromUntrustedToConversion(untrustedSource, targetTypeName, conversionSink) and
flowsFromUntrustedToConversion(untrustedSource, targetTypeName, conversion) and
// B -> C
flowsFromConversionToExec(conversionSink, targetTypeName, tplExecCall) and
flowsFromConversionToExec(conversion, targetTypeName, templateExecCall) and
// A -> C
flowsFromUntrustedToExec(untrustedSource, tplExecCall)
select tplExecCall.getNode(), untrustedSource, tplExecCall,
flowsFromUntrustedToExec(untrustedSource, templateExecCall)
select templateExecCall.getNode(), untrustedSource, templateExecCall,
"Data from an $@ will not be auto-escaped because it was $@ to template." + targetTypeName,
untrustedSource.getNode(), "untrusted source", conversionSink.getNode(), "converted"
untrustedSource.getNode(), "untrusted source", conversion.getNode(), "converted"