hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: move js/resource-exhaustion to experimental

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2021-01-21 09:02:11 +01:00
parent 3c9c79a550
commit b90dd89746
13 changed files with 20 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
javascript/ql/src/Security/CWE-770/ResourceExhaustion.qhelp → javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.qhelp
View File

2
javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql → javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
View File

@@ -12,7 +12,7 @@
import javascript
import DataFlow::PathGraph
import semmle.javascript.security.dataflow.ResourceExhaustion::ResourceExhaustion
import experimental.semmle.javascript.security.dataflow.ResourceExhaustion::ResourceExhaustion
from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink
where dataflow.hasFlowPath(source, sink)

0
javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout.js → javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout.js
View File

0
javascript/ql/src/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js → javascript/ql/src/experimental/Security/CWE-770/examples/ResourceExhaustion_timeout_fixed.js
View File

0
javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustion.qll → javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustion.qll
View File

0
javascript/ql/src/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll → javascript/ql/src/experimental/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
View File

36
javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.expected → javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.expected
View File

@@ -1,13 +1,13 @@
nodes
| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url |
| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| resource-exhaustion.js:9:7:9:42 | s |
| resource-exhaustion.js:9:11:9:34 | url.par ... , true) |
| resource-exhaustion.js:9:11:9:40 | url.par ... ).query |
@@ -30,14 +30,14 @@ nodes
| resource-exhaustion.js:88:18:88:18 | s |
| resource-exhaustion.js:88:18:88:18 | s |
edges
| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentation_examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
| documentation_examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentation_examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay |
| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) |
| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) |
| resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:10:20:10:20 | s |
| resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:39:12:39:12 | s |
| resource-exhaustion.js:9:7:9:42 | s | resource-exhaustion.js:39:12:39:12 | s |
@@ -59,7 +59,7 @@ edges
| resource-exhaustion.js:10:11:10:21 | parseInt(s) | resource-exhaustion.js:10:7:10:21 | n |
| resource-exhaustion.js:10:20:10:20 | s | resource-exhaustion.js:10:11:10:21 | parseInt(s) |
#select
| documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentation_examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from $@. | documentation_examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | here |
| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from $@. | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | here |
| resource-exhaustion.js:38:12:38:12 | n | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:38:12:38:12 | n | This creates a string with a user-controlled length from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |
| resource-exhaustion.js:39:12:39:12 | s | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:39:12:39:12 | s | This creates a string with a user-controlled length from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |
| resource-exhaustion.js:85:17:85:17 | n | resource-exhaustion.js:9:21:9:27 | req.url | resource-exhaustion.js:85:17:85:17 | n | This creates a timer with a user-controlled duration from $@. | resource-exhaustion.js:9:21:9:27 | req.url | here |

1
javascript/ql/test/experimental/Security/CWE-770/ResourceExhaustion.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE-770/ResourceExhaustion.ql

0
javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout.js → javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout.js
View File

0
javascript/ql/test/query-tests/Security/CWE-770/documentation_examples/ResourceExhaustion_timeout_fixed.js → javascript/ql/test/experimental/Security/CWE-770/documentaion-examples/ResourceExhaustion_timeout_fixed.js
View File

0
javascript/ql/test/query-tests/Security/CWE-770/resource-exhaustion.js → javascript/ql/test/experimental/Security/CWE-770/resource-exhaustion.js
View File

1
javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion.qlref
View File

@@ -1 +0,0 @@
Security/CWE-770/ResourceExhaustion.ql