diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
index dc034abcb24..cfa34da87fd 100644
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -1,6 +1,6 @@
 /**
- * @name File Access data flows to Http POST/PUT
- * @description Writing data from file directly to http body or request header can be an indication to data exfiltration or unauthorized information disclosure.
+ * @name File data in outbound remote request
+ * @description Directly sending file data in an outbound remote request can indicate unauthorized information disclosure.
 * @kind problem
 * @problem.severity warning
 * @id js/file-access-to-http
@@ -11,6 +11,6 @@
 import javascript
 import semmle.javascript.security.dataflow.FileAccessToHttp
-from FileAccessToHttpDataFlow::Configuration config, DataFlow::Node src, DataFlow::Node sink
+from FileAccessToHttp::Configuration config, DataFlow::Node src, DataFlow::Node sink
 where config.hasFlow (src, sink)
-select src, "$@ flows directly to Http request body", sink, "File access"
+select sink, "$@ flows directly to outbound remote request", src, "File data"
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
index 254ae9fc1b4..936c9e0b488 100644
--- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
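Review bot: The new `select` in the second hunk of FileAccessToHttp.ql still reports only the two endpoints of the flow, so whoever triages an alert cannot see how the file contents reached the request and has to reconstruct the path by hand to tell a legitimate upload from a disclosure. If the library version targeted here supports path queries, the query could become a `@kind path-problem` (that metadata line is context in the first hunk) using `DataFlow::PathNode` and `hasFlowPath`, as sketched below. The alert message also says "directly", which is stronger than what `hasFlow` by itself establishes; confirm the configuration really excludes intermediate steps or drop the word. The remaining metadata lines of the header comment lie outside both hunks.

```ql
// … unchanged: header comment, except `@kind path-problem` …
import semmle.javascript.security.dataflow.FileAccessToHttp
import DataFlow::PathGraph

from FileAccessToHttp::Configuration config, DataFlow::PathNode src, DataFlow::PathNode sink
where config.hasFlowPath(src, sink)
select sink.getNode(), src, sink, "$@ flows directly to outbound remote request", src.getNode(), "File data"
```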
@@ -1,8 +1,8 @@ -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | $@ flows directly to Http request body | bufferRead.js:33:21:33:28 | postData | File access | -| googlecompiler.js:44:54:44:57 | data | $@ flows directly to Http request body | googlecompiler.js:38:18:38:26 | post_data | File access | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | $@ flows directly to Http request body | readFileSync.js:26:18:26:18 | s | File access | -| readStreamRead.js:13:21:13:35 | readable.read() | $@ flows directly to Http request body | readStreamRead.js:30:19:30:23 | chunk | File access | -| request.js:28:52:28:55 | data | $@ flows directly to Http request body | request.js:8:11:8:20 | {jsonData} | File access | -| request.js:43:51:43:54 | data | $@ flows directly to Http request body | request.js:16:11:23:3 | {\\n u ... ody\\n } | File access | -| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:14:20:19:9 | {\\n ... } | File access | -| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:20:20:25:9 | {\\n ... } | File access | +| bufferRead.js:33:21:33:28 | postData | $@ flows directly to outbound remote request | bufferRead.js:12:22:12:43 | new Buf ... s.size) | File data | +| googlecompiler.js:38:18:38:26 | post_data | $@ flows directly to outbound remote request | googlecompiler.js:44:54:44:57 | data | File data | +| readFileSync.js:26:18:26:18 | s | $@ flows directly to outbound remote request | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | File data | +| readStreamRead.js:30:19:30:23 | chunk | $@ flows directly to outbound remote request | readStreamRead.js:13:21:13:35 | readable.read() | File data | +| request.js:8:11:8:20 | {jsonData} | $@ flows directly to outbound remote request | request.js:28:52:28:55 | data | File data | +| request.js:16:11:23:3 | {\\n u ... 
ody\\n } | $@ flows directly to outbound remote request | request.js:43:51:43:54 | data | File data | +| sentAsHeaders.js:14:20:19:9 | {\\n ... } | $@ flows directly to outbound remote request | sentAsHeaders.js:10:79:10:84 | buffer | File data | +| sentAsHeaders.js:20:20:25:9 | {\\n ... } | $@ flows directly to outbound remote request | sentAsHeaders.js:10:79:10:84 | buffer | File data |