JS: Recognize req.user a cookie access

Asger Feldthaus
2020-01-24 09:44:08 +00:00
parent a68bb9ffd1
commit b98db62e82
3 changed files with 16 additions and 4 deletions


@@ -12,16 +12,16 @@
import javascript
/** Gets the string `session` or `cookies`, the parts of `req` containing cookie data. */
string sessionOrCookies() {
result = "session" or result = "cookies"
/** Gets a property name of `req` which refers to data usually derived from cookie data. */
string cookieProperty() {
result = "session" or result = "cookies" or result = "user"
}
/** Gets a data flow node that flows to the base of an access to `cookies` or `session`. */
private DataFlow::SourceNode nodeLeadingToCookieAccess(DataFlow::TypeBackTracker t) {
t.start() and
exists(DataFlow::PropRead value |
value = result.getAPropertyRead(sessionOrCookies()).getAPropertyRead() and
value = result.getAPropertyRead(cookieProperty()).getAPropertyRead() and
// Ignore accesses to values that are part of a CSRF or captcha check
not value.getPropertyName().regexpMatch("(?i).*(csrf|xsrf|captcha).*") and