hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add RemoteServerResponse as a heuristic remote flow source

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-09-11 09:11:12 +02:00
parent f7bfc472c1
commit e41080fb40
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/src/semmle/javascript/heuristics/AdditionalSources.qll
View File

@@ -31,4 +31,25 @@ private class JSONStringifyAsCommandInjectionSource extends HeuristicSource,
JSONStringifyAsCommandInjectionSource() {
this = DataFlow::globalVarRef("JSON").getAMemberCall("stringify")
}
override string getSourceType() { result = "a string from JSON.stringify" }
}
/**
* A response from a remote server.
*/
class RemoteServerResponse extends HeuristicSource, RemoteFlowSource {
RemoteServerResponse() {
exists(ClientRequest r |
this = r.getAResponseDataNode() and
not exists(string url, string protocolPattern |
// exclude URLs to the current host
r.getUrl().mayHaveStringValue(url) and
protocolPattern = "(?[a-z+]{3,10}:)" and
not url.regexpMatch(protocolPattern + "?//.*")
)
)
}
override string getSourceType() { result = "a response from a remote server" }
}