JS: polish FileAccessToHttp.ql

Esben Sparre Andreasen
2018-10-05 12:04:21 +02:00
parent c064b1f41d
commit d261915598
2 changed files with 12 additions and 12 deletions


@@ -1,6 +1,6 @@
/**
* @name File Access data flows to Http POST/PUT
* @description Writing data from file directly to http body or request header can be an indication to data exfiltration or unauthorized information disclosure.
* @name File data in outbound remote request
* @description Directly sending file data in an outbound remote request can indicate unauthorized information disclosure.
* @kind problem
* @problem.severity warning
* @id js/file-access-to-http
@@ -11,6 +11,6 @@
import javascript
import semmle.javascript.security.dataflow.FileAccessToHttp
from FileAccessToHttpDataFlow::Configuration config, DataFlow::Node src, DataFlow::Node sink
from FileAccessToHttp::Configuration config, DataFlow::Node src, DataFlow::Node sink
where config.hasFlow (src, sink)
select src, "$@ flows directly to Http request body", sink, "File access"
select sink, "$@ flows directly to outbound remote request", src, "File data"
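Review bot: The query stays `@kind problem`, so each alert from the final `select` shows only the sink and a link to the file read, with none of the intermediate steps a triager needs to judge whether the request really carries file contents. If the library version in use supports path queries, consider switching the header to `@kind path-problem` and using `DataFlow::PathNode` endpoints with `hasFlowPath`, as sketched below. File lines 7–10 fall between the two hunks and are not visible here, so confirm that the header there carries `@precision` and a `security` tag; without them the alert may be filtered or ranked poorly in results.

```ql
// … unchanged: query metadata apart from the @kind line …
import javascript
import semmle.javascript.security.dataflow.FileAccessToHttp
import DataFlow::PathGraph

from FileAccessToHttp::Configuration config, DataFlow::PathNode src, DataFlow::PathNode sink
where config.hasFlowPath(src, sink)
select sink.getNode(), src, sink, "$@ flows directly to outbound remote request", src.getNode(),
  "File data"
```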