JS: Port Xxe

2026-03-05 07:06:47 +01:00 · 2023-10-05 09:26:42 +02:00
parent c2d170b4fd
commit b8847dbc5d
3 changed files with 34 additions and 46 deletions
--- a/javascript/ql/src/Security/CWE-611/Xxe.ql
+++ b/javascript/ql/src/Security/CWE-611/Xxe.ql
@@ -14,10 +14,10 @@

 import javascript
 import semmle.javascript.security.dataflow.XxeQuery
-import DataFlow::PathGraph
+import XxeFlow::PathGraph

-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from XxeFlow::PathNode source, XxeFlow::PathNode sink
+where XxeFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "XML parsing depends on a $@ without guarding against external entity expansion.",
  source.getNode(), "user-provided value"