hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Cache together

Browse Source
This commit is contained in:
Asger Feldthaus
2021-03-10 15:14:36 +00:00
parent 7b7e87f177
commit bc4c178648
1 changed files with 21 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
View File

@@ -7,20 +7,35 @@ import semmle.javascript.frameworks.HTTP
import semmle.javascript.security.dataflow.DOM
private import semmle.javascript.internal.CachedStages
/** A data flow source of remote user input. */
cached
abstract class RemoteFlowSource extends DataFlow::Node {
/** Gets a human-readable string that describes the type of this remote flow source. */
private module Cached {
/** A data flow source of remote user input. */
cached
abstract string getSourceType();
abstract class RemoteFlowSource extends DataFlow::Node {
/** Gets a human-readable string that describes the type of this remote flow source. */
cached
abstract string getSourceType();
/**
* Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
*/
cached
predicate isUserControlledObject() { none() }
}
/**
* Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
* A source of remote input in a web browser environment.
*/
cached
predicate isUserControlledObject() { none() }
abstract class ClientSideRemoteFlowSource extends RemoteFlowSource {
/** Gets a string indicating what part of the browser environment this was derived from. */
cached
abstract ClientSideRemoteFlowKind getKind();
}
}
import Cached
/**
* A type of remote flow source that is specific to the browser environment.
*/
@@ -64,14 +79,6 @@ class ClientSideRemoteFlowKind extends string {
predicate isWindowName() { this = "name" }
}
/**
* A source of remote input in a web browser environment.
*/
abstract class ClientSideRemoteFlowSource extends RemoteFlowSource {
/** Gets a string indicating what part of the browser environment this was derived from. */
abstract ClientSideRemoteFlowKind getKind();
}
/**
* A specification of a remote flow source in a JSON file included in the database.
*