Fix code example in query.

Max Schaefer
2020-05-13 15:29:30 +01:00
parent ac9e39120b
commit ec2314310e
2 changed files with 11 additions and 4 deletions


@@ -1,4 +1,8 @@
func ex3(w http.ResponseWriter, r *http.Request) {
package main
import "net/http"
func example(w http.ResponseWriter, r *http.Request) {
test2 := "test"
if r.Header.Get("X-Password") != test2 {
login()
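Review bot: The new `example` function has no comment saying what the sample is meant to demonstrate, and as written it calls `login()` when the `X-Password` header does not equal `test2`, which reads like an inverted check. If that is the flawed pattern the query is meant to flag, say so above the function, e.g. `// example is the intentionally flawed sample: a request header alone decides whether login() runs.` Separately, `!=` on a secret is not a constant-time comparison and the expected value is hard-coded; a corrected variant would compare with `subtle.ConstantTimeCompare` from `crypto/subtle` against a secret loaded from configuration. `login` is not defined in the visible lines and the function body continues outside the hunk, so confirm the file compiles on its own now that it has a `package` clause.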


@@ -96,9 +96,12 @@ module NoSQL {
}
}
predicate isAdditionalMongoTaintStep(DataFlow::Node prev, DataFlow::Node succ) {
// Taint bson.E if input is tainted
exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, prev) |
/**
* Holds if taint flows from `pred` to `succ` through a MongoDB-specific API.
*/
predicate isAdditionalMongoTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
// Taint an entry if the `Value` is tainted
exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) |
base = succ.getASuccessor*() and
base.getType().hasQualifiedName(mongoBsonPrimitive(), "E") and
f.getName() = "Value"