hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19422 from Napalys/js/shelljs

Browse Source 
JS: Modeling of `ShellJS` functions
This commit is contained in:
Napalys Klicius
2025-05-02 14:18:44 +02:00
committed by GitHub
parent 74669cb0cb 871e93d9fe
commit d1e769ba54
10 changed files with 63 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
View File

@@ -37,7 +37,7 @@ DataFlow::ObjectLiteralNode tlsOptions() { result.flowsTo(tlsInvocation().getAnA
from DataFlow::PropWrite disable
where
exists(DataFlow::SourceNode env |
env = NodeJSLib::process().getAPropertyRead("env") and
env.(ThreatModelSource).getThreatModel() = "environment" and
disable = env.getAPropertyWrite("NODE_TLS_REJECT_UNAUTHORIZED") and
disable.getRhs().mayHaveStringValue("0")
)