QL code and tests for C#/C++/JavaScript.

2026-05-02 20:25:13 +02:00 · 2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
--- a/javascript/ql/test/library-tests/InterProceduralFlow/TaintTracking.ql
+++ b/javascript/ql/test/library-tests/InterProceduralFlow/TaintTracking.ql
@@ -0,0 +1,30 @@
+import javascript
+
+class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
+  TestTaintTrackingConfiguration() {
+    this = "TestTaintTrackingConfiguration"
+  }
+
+  override predicate isSource(DataFlow::Node src) {
+    exists (VariableDeclarator vd |
+      vd.getBindingPattern().(VarDecl).getName().matches("%source%") and
+      src.asExpr() = vd.getInit()
+    )
+  }
+
+  override predicate isSink(DataFlow::Node snk) {
+    exists (VariableDeclarator vd |
+      vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and
+      snk.asExpr() = vd.getInit()
+    )
+  }
+
+  override predicate isSanitizer(DataFlow::Node src, DataFlow::Node snk) {
+    src = src and
+    snk.asExpr().(PropAccess).getPropertyName() = "notTracked"
+  }
+}
+
+from TestTaintTrackingConfiguration tttc, DataFlow::Node src, DataFlow::Node snk
+where tttc.hasFlow(src, snk)
+select src, snk