Merge pull request #10727 from erik-krogh/js-last-msg
JS: fix some more style-guide violations in the alert-messages
@@ -21,5 +21,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -18,5 +18,6 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select source.getNode(), source, sink, "$@ depends on $@ which may contain '..'", sink.getNode(),
|
||||
"File system operation", source.getNode(), "unsanitized archive entry"
|
||||
select source.getNode(), source, sink,
|
||||
"Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(),
|
||||
"file system operation"
|
||||
|
||||
@@ -17,5 +17,5 @@ import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery
|
||||
|
||||
from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Template object depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Template object depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -28,5 +28,5 @@ where
|
||||
else highlight = sink.getNode()
|
||||
) and
|
||||
sourceNode = source.getNode()
|
||||
select highlight, source, sink, "Command line depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select highlight, source, sink, "This command line depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -19,6 +19,6 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
|
||||
where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
|
||||
select sinkNode.getAlertLocation(), source, sink, "$@ which depends on $@ is later used in $@.",
|
||||
sinkNode.getAlertLocation(), sinkNode.getSinkType(), source.getNode(), "library input",
|
||||
sinkNode.getCommandExecution(), "a shell command"
|
||||
select sinkNode.getAlertLocation(), source, sink,
|
||||
"This " + sinkNode.getSinkType() + " which depends on $@ is later used in a $@.",
|
||||
source.getNode(), "library input", sinkNode.getCommandExecution(), "shell command"
|
||||
|
||||
@@ -18,5 +18,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
|
||||
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
@@ -18,6 +18,6 @@ import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery
|
||||
|
||||
from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
|
||||
where cfg.hasFlowPath(source, sink) and sink.getNode() = sinkNode
|
||||
select sinkNode, source, sink, "$@ which depends on $@ might later allow $@.", sinkNode,
|
||||
sinkNode.describe(), source.getNode(), "library input", sinkNode.getSink(),
|
||||
sinkNode.getVulnerabilityKind().toLowerCase()
|
||||
select sinkNode, source, sink,
|
||||
"This " + sinkNode.describe() + " which depends on $@ might later allow $@.", source.getNode(),
|
||||
"library input", sinkNode.getSink(), sinkNode.getVulnerabilityKind().toLowerCase()
|
||||
|
||||
@@ -25,5 +25,5 @@ where
|
||||
cfg instanceof NosqlInjection::Configuration
|
||||
) and
|
||||
cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "This query depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -20,6 +20,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"$@ flows to " + sink.getNode().(Sink).getMessageSuffix() + ".", source.getNode(),
|
||||
"User-provided value"
|
||||
select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
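Review bot: The new select calls `sink.getNode().(Sink).getMessagePrefix()` where the old one called `getMessageSuffix()`, but no definition of `getMessagePrefix` is visible in this hunk, so the query only compiles if the library `Sink` class (outside this diff, presumably changed in the same PR) now declares it. Please confirm every `Sink` subclass implements the new predicate and that no other query still references `getMessageSuffix`, otherwise this query or a sibling fails to compile. The enclosing file's imports and the `Sink` definition are outside the hunk.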
@@ -68,5 +68,5 @@ where
|
||||
sink.getNode().(StringOps::ConcatenationLeaf).getRoot() = endsInCodeInjectionSink() and
|
||||
remoteFlow() = source.getNode().(DataFlow::InvokeNode).getAnArgument()
|
||||
)
|
||||
select sink.getNode(), source, sink, "Code construction depends on $@.", source.getNode(),
|
||||
"an improperly sanitized value"
|
||||
select sink.getNode(), source, sink, "Code construction depends on an $@.", source.getNode(),
|
||||
"improperly sanitized value"
|
||||
|
||||
@@ -17,7 +17,8 @@ import javascript
|
||||
import DataFlow::PathGraph
|
||||
import semmle.javascript.security.dataflow.UnsafeCodeConstruction::UnsafeCodeConstruction
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "$@ flows to this location and is later $@.", source.getNode(),
|
||||
"Library input", sink.getNode().(Sink).getCodeSink(), "interpreted as code"
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode
|
||||
where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
|
||||
select sink.getNode(), source, sink,
|
||||
"This " + sinkNode.getSinkType() + " which depends on $@ is later $@.", source.getNode(),
|
||||
"library input", sinkNode.getCodeSink(), "interpreted as code"
|
||||
|
||||
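Review bot: The new `from` clause binds `Sink sinkNode` with `sinkNode = sink.getNode()`, yet the first select column still uses `sink.getNode()`; for consistency with the other library-input queries in this commit it should read `select sinkNode, source, sink,`. The call `sinkNode.getSinkType()` also relies on `Sink` from `UnsafeCodeConstruction` exposing that predicate, which is not visible here — worth confirming it exists, since a missing predicate is a compile error rather than a wording change.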
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink, source, sink,
|
||||
"This method is invoked using $@, which may allow remote code execution.", source.getNode(),
|
||||
"a user-controlled value"
|
||||
"This method is invoked using a $@, which may allow remote code execution.", source.getNode(),
|
||||
"user-controlled value"
|
||||
|
||||
@@ -17,5 +17,5 @@ import semmle.javascript.security.dataflow.LogInjectionQuery
|
||||
|
||||
from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where config.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Log entry depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -18,4 +18,4 @@ where
|
||||
cookie.isSensitive() and
|
||||
cookie.isSecure() and // `js/clear-text-cookie` will report it if the cookie is not secure.
|
||||
cookie.getSameSite().toLowerCase() = "none"
|
||||
select cookie, "Sensitive cookie with SameSite set to 'None'"
|
||||
select cookie, "Sensitive cookie with SameSite set to 'None'."
|
||||
|
||||
@@ -16,5 +16,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Format string depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -140,5 +140,6 @@ where
|
||||
byPassEndPoint = toOtherCase(endpointExample) and
|
||||
not Matcher::matches(regexp.getRoot(), byPassEndPoint)
|
||||
select arg,
|
||||
"This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '"
|
||||
+ byPassEndPoint + "' will bypass the middleware.", regexp, "pattern", endpoint, "here"
|
||||
"This route uses a case-sensitive path $@, but is guarding a $@. A path such as '" +
|
||||
byPassEndPoint + "' will bypass the middleware.", regexp, "pattern", endpoint,
|
||||
"case-insensitive path"
|
||||
|
||||
@@ -16,5 +16,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Outbound network request depends on $@", source.getNode(),
|
||||
select sink.getNode(), source, sink, "Outbound network request depends on $@.", source.getNode(),
|
||||
"file data"
|
||||
|
||||
@@ -19,6 +19,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"$@ flows to this location and may be exposed to an external user.", source.getNode(),
|
||||
"Stack trace information"
|
||||
select sink.getNode(), source, sink, "This information exposed to the user depends on $@.",
|
||||
source.getNode(), "stack trace information"
|
||||
|
||||
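Review bot: The new message reads "This information exposed to the user depends on stack trace information" once the link text is substituted, which repeats "information" and is harder to read than the old sentence. Following the "depends on a $@" pattern used throughout this commit, `"This information exposed to the user depends on a $@.", source.getNode(), "stack trace"` says the same thing more cleanly. Either way, the placeholder count still matches the single link argument.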
@@ -19,6 +19,6 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"Sensitive data returned by $@ flows to this location and is stored in a build artifact.",
|
||||
source.getNode(), source.getNode().(CleartextLogging::Source).describe()
|
||||
select sink.getNode(), source, sink, "This creates a build artifact that depends on $@.",
|
||||
source.getNode(),
|
||||
"sensitive data returned by" + source.getNode().(CleartextLogging::Source).describe()
|
||||
|
||||
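Review bot: The new link text is missing a space after "by": `"sensitive data returned by" + source.getNode().(CleartextLogging::Source).describe()` will render as e.g. "sensitive data returned byan access to ...", since `describe()` evidently supplies the rest of the phrase. The clear-text logging query changed in this same commit keeps the space (`"Sensitive data returned by " + ...`), so this line should be `"sensitive data returned by " + source.getNode().(CleartextLogging::Source).describe()`. The expected-output test files for this query will need the same correction.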
@@ -38,5 +38,5 @@ where
|
||||
cfg.hasFlowPath(source, sink) and
|
||||
// ignore logging to the browser console (even though it is not a good practice)
|
||||
not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel())
|
||||
select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(),
|
||||
"Sensitive data returned by " + source.getNode().(Source).describe()
|
||||
select sink.getNode(), source, sink, "This logs sensitive data returned by $@ as clear text.",
|
||||
source.getNode(), source.getNode().(Source).describe()
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(),
|
||||
"Sensitive data returned by " + source.getNode().(Source).describe()
|
||||
select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.",
|
||||
source.getNode(), source.getNode().(Source).describe()
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"This security context depends on a cryptographically insecure random number at $@.",
|
||||
"This uses a cryptographically insecure random number generated at $@ in a security context.",
|
||||
source.getNode(), source.getNode().toString()
|
||||
|
||||
@@ -18,6 +18,6 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "$@ leak vulnerability due to $@.",
|
||||
select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.",
|
||||
sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(),
|
||||
"a misconfigured CORS header value"
|
||||
"misconfigured CORS header value"
|
||||
|
||||
@@ -201,5 +201,5 @@ where
|
||||
not handler.getAChild*() = Routing::getNode(authMiddlewareImmuneToCsrf()) and
|
||||
// Only warn for dangerous handlers, such as for POST and PUT.
|
||||
setup.getOwnHttpMethod().isUnsafe()
|
||||
select cookie, "This cookie middleware is serving a request handler $@ without CSRF protection.",
|
||||
setupArg, "here"
|
||||
select cookie, "This cookie middleware is serving a $@ without CSRF protection.", setupArg,
|
||||
"request handler"
|
||||
|
||||
@@ -53,4 +53,4 @@ from Express::RouteSetup setup
|
||||
where
|
||||
isLoginSetup(setup) and
|
||||
not regeneratesSession(setup)
|
||||
select setup, "Route handler does not invalidate session following login"
|
||||
select setup, "Route handler does not invalidate session following login."
|
||||
|
||||
@@ -18,5 +18,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on $@.",
|
||||
source.getNode(), "a user-provided value"
|
||||
select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Unsafe deserialization that depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Untrusted URL redirection depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Untrusted URL redirection depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"XML parsing depends on $@ without guarding against external entity expansion.", source.getNode(),
|
||||
"a user-provided value"
|
||||
"XML parsing depends on a $@ without guarding against external entity expansion.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
@@ -18,4 +18,4 @@ import javascript
|
||||
|
||||
from CookieWrites::CookieWrite cookie
|
||||
where cookie.isSensitive() and not cookie.isSecure()
|
||||
select cookie, "Sensitive cookie sent without enforcing SSL encryption"
|
||||
select cookie, "Sensitive cookie sent without enforcing SSL encryption."
|
||||
|
||||
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "XPath expression depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
|
||||
"user-provided value"
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "This regular expression depends on $@.", source.getNode(),
|
||||
"a user-provided value"
|
||||
select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
@@ -187,5 +187,5 @@ where
|
||||
callbackArg.getALocalSource().getAstNode() = cb and
|
||||
async.getAnArgument() = callbackArg
|
||||
select crasher, crasher, cb,
|
||||
"The server of $@ will terminate when an uncaught exception from here escapes this $@", rh,
|
||||
"this route handler", callbackArg, "asynchronous callback"
|
||||
"The server of $@ will terminate when an uncaught exception from this location escapes an $@.",
|
||||
rh, "this route handler", callbackArg, "asynchronous callback"
|
||||
|
||||
@@ -18,5 +18,5 @@ import semmle.javascript.security.dataflow.ResourceExhaustionQuery
|
||||
|
||||
from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where dataflow.hasFlowPath(source, sink)
|
||||
select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from $@.", source,
|
||||
"here"
|
||||
select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source,
|
||||
"user-provided value"
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"XML parsing depends on $@ without guarding against uncontrolled entity expansion.",
|
||||
source.getNode(), "a user-provided value"
|
||||
"XML parsing depends on a $@ without guarding against uncontrolled entity expansion.",
|
||||
source.getNode(), "user-provided value"
|
||||
|
||||
@@ -112,5 +112,5 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action
|
||||
where
|
||||
isTaintedGuardForSensitiveAction(sink, source, action) and
|
||||
not isEarlyAbortGuard(sink, action)
|
||||
select sink.getNode(), source, sink, "This condition guards a sensitive $@, but $@ controls it.",
|
||||
action, "action", source.getNode(), "a user-provided value"
|
||||
select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.",
|
||||
action, "action", source.getNode(), "user-provided value"
|
||||
|
||||
@@ -19,5 +19,5 @@ import DataFlow::PathGraph
|
||||
from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where dataflow.hasFlowPath(source, sink)
|
||||
select sink, source, sink,
|
||||
"Iteration over a user-controlled object with a potentially unbounded .length property from $@.",
|
||||
source, "a user-provided value"
|
||||
"Iteration over a user-controlled object with a potentially unbounded .length property from a $@.",
|
||||
source, "user-provided value"
|
||||
|
||||
@@ -17,4 +17,5 @@ import DataFlow::PathGraph
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
|
||||
where cfg.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "$@ flows to file system.", source.getNode(), "Untrusted data"
|
||||
select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(),
|
||||
"Untrusted data"
|
||||
|
||||
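Review bot: The link text `"Untrusted data"` is capitalised in the middle of the new sentence ("Write to file system depends on Untrusted data."), which contradicts the convention applied everywhere else in this commit, where mid-sentence link text is lowercase ("user-provided value", "library input"). Change it to `"untrusted data"`; `"This write to the file system depends on $@."` would also bring the message in line with the "This ... depends on" phrasing used by the sibling queries.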
@@ -28,5 +28,5 @@ where
|
||||
cfg.hasFlowPath(source, sink) and
|
||||
sink.getNode().(Sink).dependencyInfo(moduleName, dependencyLoc)
|
||||
select sink.getNode(), source, sink,
|
||||
"Prototype pollution caused by merging a user-controlled value from $@ using a vulnerable version of $@.",
|
||||
source, "here", dependencyLoc, moduleName
|
||||
"Prototype pollution caused by merging a $@ using a vulnerable version of $@.", source,
|
||||
"user-controlled value", dependencyLoc, moduleName
|
||||
|
||||
@@ -19,5 +19,5 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Data
|
||||
where
|
||||
cfg.hasFlowPath(source, sink) and
|
||||
request = sink.getNode().(Sink).getARequest()
|
||||
select request, source, sink, "The $@ of this request depends on $@.", sink.getNode(),
|
||||
sink.getNode().(Sink).getKind(), source, "a user-provided value"
|
||||
select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
|
||||
sink.getNode().(Sink).getKind(), source, "user-provided value"
|
||||
|
||||
@@ -18,5 +18,5 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Data
|
||||
where
|
||||
cfg.hasFlowPath(source, sink) and
|
||||
request = sink.getNode().(Sink).getARequest()
|
||||
select request, source, sink, "The $@ of this request depends on $@.", sink.getNode(),
|
||||
sink.getNode().(Sink).getKind(), source, "a user-provided value"
|
||||
select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
|
||||
sink.getNode().(Sink).getKind(), source, "user-provided value"
|
||||
|
||||