Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource

Napalys Klicius
2025-05-01 11:14:15 +02:00
parent 33d8ffa83e
commit d4b5ef6a66
5 changed files with 19 additions and 7 deletions


@@ -171,7 +171,7 @@ module CleartextLogging {
/** An access to the sensitive object `process.env`. */
class ProcessEnvSource extends Source {
ProcessEnvSource() { this = NodeJSLib::process().getAPropertyRead("env") }
ProcessEnvSource() { this.(ThreatModelSource).getThreatModel() = "environment" }
override string describe() { result = "process environment" }
}
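Review bot: The doc comment and `describe()` on `ProcessEnvSource` still speak of `process.env`, but the new characteristic predicate accepts every node whose threat model is "environment", so the class can cover more than that one property read if other environment sources are modelled. For a cleartext-logging query this matters, because the original premise was that the whole env object is sensitive; I would update the comment to something like `/** A source in the "environment" threat model, for example a read of process.env, treated as sensitive. */`. The predicate also binds to `ThreatModelSource` rather than `ActiveThreatModelSource`, which presumably keeps the source active whatever threat models are configured; if that is intended, say so in the comment. The same applies to `ProcessEnvAsSource` in the IndirectCommandInjection section.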


@@ -29,7 +29,7 @@ module IndirectCommandInjection {
* A read of `process.env`, considered as a flow source for command injection.
*/
private class ProcessEnvAsSource extends Source {
ProcessEnvAsSource() { this = NodeJSLib::process().getAPropertyRead("env") }
ProcessEnvAsSource() { this.(ThreatModelSource).getThreatModel() = "environment" }
override string describe() { result = "environment variable" }
}
@@ -37,7 +37,7 @@ module IndirectCommandInjection {
/** Gets a data flow node referring to `process.env`. */
private DataFlow::SourceNode envObject(DataFlow::TypeTracker t) {
t.start() and
result = NodeJSLib::process().getAPropertyRead("env")
result.(ThreatModelSource).getThreatModel() = "environment"
or
exists(DataFlow::TypeTracker t2 | result = envObject(t2).track(t2, t))
}
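Review bot: In `envObject`, the start case now yields any `ThreatModelSource` with threat model "environment" that is also a `DataFlow::SourceNode`, while the QLDoc still promises a node referring to `process.env`. If an environment source is ever modelled that is not the env object itself (a single variable's value, say), it would be type-tracked here as though it were the object, and whatever consumes `envObject` outside this hunk would treat it as such; a source that is not a `SourceNode` is silently dropped by the return type. Either keep this predicate pinned to `NodeJSLib::process().getAPropertyRead("env")`, since it is about the object's identity and not about taint sources, or reword the comment to `/** Gets a data flow node referring to an "environment" threat-model source. */` and check the callers.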