hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: update a js/code-injection test

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-09-11 09:45:54 +02:00
parent e41080fb40
commit f3de75ae07
3 changed files with 111 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql Normal file
View File

@@ -0,0 +1,9 @@
import javascript
import semmle.javascript.heuristics.AdditionalSources
import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
import DataFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource
select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.",
source.getNode(), "User-provided value"