JS: Port example queries

2026-05-01 03:35:13 +02:00 · 2023-10-04 21:31:23 +02:00
parent 449ec72dbe
commit ccd6d3dcd7
9 changed files with 93 additions and 84 deletions
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
@@ -9,7 +9,7 @@

 import javascript
 import semmle.javascript.security.dataflow.StoredXssQuery
-import DataFlow::PathGraph
+import StoredXssFlow::PathGraph

 /**
 * The data returned from a MySQL query, such as the `data` parameter in this example:
@@ -31,6 +31,6 @@ class MysqlSource extends Source {
  }
 }

-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink
+where StoredXssFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value."
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql
@@ -10,7 +10,7 @@

 import javascript
 import semmle.javascript.security.dataflow.StoredXssQuery
-import DataFlow::PathGraph
+import StoredXssFlow::PathGraph

 /**
 * Gets an instance of `mysql.createConnection()`, tracked globally.
@@ -45,6 +45,6 @@ class MysqlSource extends Source {
  MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) }
 }

-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink
+where StoredXssFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value."