hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-20 14:17:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

remove the even-lined results from two ATM queries

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2022-06-24 09:31:00 +02:00
parent 5432be7b3a
commit b935a7f4d7
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
View File

@@ -25,7 +25,8 @@ from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode
where
cfg.hasFlowPath(source, sink) and
not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
score = getScoreForFlow(source.getNode(), sink.getNode())
score = getScoreForFlow(source.getNode(), sink.getNode()) and
sink.getNode().getStartLine() % 2 = 0
select sink.getNode(), source, sink,
"(Experimental) This may be a path that depends on $@. Identified using machine learning.",
source.getNode(), "a user-provided value", score

3
javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
View File

@@ -22,7 +22,8 @@ from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode
where
cfg.hasFlowPath(source, sink) and
not isFlowLikelyInBaseQuery(source.getNode(), sink.getNode()) and
score = getScoreForFlow(source.getNode(), sink.getNode())
score = getScoreForFlow(source.getNode(), sink.getNode()) and
sink.getNode().getStartLine() % 2 = 0
select sink.getNode(), source, sink,
"(Experimental) This may be a cross-site scripting vulnerability due to $@. Identified using machine learning.",
source.getNode(), "a user-provided value", score