hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: renames for rb/stored-xss

Browse Source
This commit is contained in:
Alex Ford
2023-09-01 16:13:01 +01:00
parent 030aae5693
commit f5e433940f
2 changed files with 30 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll
View File

@@ -3,16 +3,19 @@
* cross-site scripting vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `StoredXSS::Configuration` is needed, otherwise
* `XSS::StoredXSS` should be imported instead.
* `StoredXssFlow` is needed, otherwise
* `XSS::StoredXss` should be imported instead.
*/
import codeql.ruby.AST
import codeql.ruby.DataFlow
import codeql.ruby.TaintTracking
/** Provides a taint-tracking configuration for cross-site scripting vulnerabilities. */
module StoredXss {
/**
* Provides a taint-tracking configuration for cross-site scripting vulnerabilities.
* DEPRECATED: Use StoredXssFlow
*/
deprecated module StoredXss {
import XSS::StoredXss
/**
@@ -41,20 +44,24 @@ module StoredXss {
}
}
/**
* A taint-tracking configuration for reasoning about Stored XSS.
*/
private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
isAdditionalXssTaintStep(node1, node2)
}
}
import TaintTracking::Global<Config>
import TaintTracking::Global<StoredXssConfig>
}
private module StoredXssConfig implements DataFlow::ConfigSig {
private import XSS::StoredXss
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
isAdditionalXssTaintStep(node1, node2)
}
}
/**
* Taint-tracking for reasoning about Stored XSS.
*/
module StoredXssFlow = TaintTracking::Global<StoredXssConfig>;

6
ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
View File

@@ -14,9 +14,9 @@
import codeql.ruby.AST
import codeql.ruby.security.StoredXSSQuery
import StoredXss::PathGraph
import StoredXssFlow::PathGraph
from StoredXss::PathNode source, StoredXss::PathNode sink
where StoredXss::flowPath(source, sink)
from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink
where StoredXssFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.",
source.getNode(), "stored value"