hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Oauth2-state query: treat log calls the same as stdout printers

Browse Source 
These presumably get to the user somehow, and in conjunction with stdin use are enough to identify use of oauth at the terminal.
This commit is contained in:
Chris Smowton
2020-08-17 16:14:29 +01:00
parent 3d877fc67d
commit bcb65157e6
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/src/experimental/CWE-352/ConstantOauth2State.ql
View File

@@ -50,6 +50,8 @@ class FlowToPrint extends DataFlow::Configuration {
predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) {
exists(Fmt::Printer printer | call = printer.getACall() | sink = call.getArgument(_))
or
exists(LoggerCall logCall | call = logCall | sink = logCall.getAMessageComponent())
}
override predicate isSource(DataFlow::Node source) { isSource(source, _) }