hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Replace 'instanceof ClientSideRemoteFlowSource'

Browse Source
This commit is contained in:
Asger F
2025-01-20 13:13:34 +01:00
parent 3061d51b20
commit d647c7b14d
7 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
View File

@@ -34,7 +34,7 @@ module CommandInjection {
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
override string getSourceType() { result = "a user-provided value" }
}

2
javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
View File

@@ -36,7 +36,7 @@ module CorsMisconfigurationForCredentials {
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
}
/**

2
javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
View File

@@ -54,7 +54,7 @@ deprecated class LogInjectionConfiguration extends TaintTracking::Configuration
* A source of remote user controlled input.
*/
class RemoteSource extends Source instanceof RemoteFlowSource {
RemoteSource() { not this instanceof ClientSideRemoteFlowSource }
RemoteSource() { not this.isClientSideSource() }
}
/**

2
javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
View File

@@ -34,7 +34,7 @@ module RegExpInjection {
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
}
private import IndirectCommandInjectionCustomizations

2
javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
View File

@@ -52,7 +52,7 @@ module RequestForgery {
not this.(ClientSideRemoteFlowSource).getKind().isPathOrUrl()
}
override predicate isServerSide() { not this instanceof ClientSideRemoteFlowSource }
override predicate isServerSide() { not super.isClientSideSource() }
}
/**

2
javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
View File

@@ -63,7 +63,7 @@ module ResourceExhaustion {
private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
ActiveThreatModelSourceAsSource() {
// exclude source that only happen client-side
not this instanceof ClientSideRemoteFlowSource and
not this.isClientSideSource() and
not this = DataFlow::parameterNode(any(PostMessageEventHandler pmeh).getEventParameter())
}
}

2
javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
View File

@@ -719,7 +719,7 @@ module TaintedPath {
* An active threat-model source, considered as a flow source.
*/
private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
}
/**