hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port example queries

Browse Source
This commit is contained in:
Asger F
2023-10-04 21:31:23 +02:00
parent 449ec72dbe
commit ccd6d3dcd7
9 changed files with 93 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
View File

@@ -8,16 +8,17 @@
*/
import javascript
import DataFlow
class EvalTaint extends TaintTracking::Configuration {
EvalTaint() { this = "EvalTaint" }
module EvalTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
override predicate isSource(Node node) { node instanceof RemoteFlowSource }
override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) }
predicate isSink(DataFlow::Node node) {
node = DataFlow::globalVarRef("eval").getACall().getArgument(0)
}
}
from EvalTaint cfg, Node source, Node sink
where cfg.hasFlow(source, sink)
module EvalTaintFlow = TaintTracking::Global<EvalTaintConfig>;
from DataFlow::Node source, DataFlow::Node sink
where EvalTaintFlow::flow(source, sink)
select sink, "Eval with user-controlled input from $@.", source, "here"