hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Fix modelling of Buffer base64 encoders and decoders.

Browse Source
This commit is contained in:
Max Schaefer
2019-03-13 11:47:20 +00:00
parent 3e8e2ca890
commit f76efcb558
2 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
javascript/ql/src/semmle/javascript/Base64.qll
View File

@@ -97,23 +97,11 @@ private class Atob extends Base64::Decode::Range, DataFlow::CallNode {
override DataFlow::Node getOutput() { result = this }
}
/** A call to `Buffer.from` with encoding `base64`. */
private class Buffer_from extends Base64::Encode::Range, DataFlow::CallNode {
Buffer_from() {
this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
getArgument(1).mayHaveStringValue("base64")
}
override DataFlow::Node getInput() { result = getArgument(0) }
override DataFlow::Node getOutput() { result = this }
}
/**
* A call to `Buffer.prototype.toString` with encoding `base64`, approximated by
* looking for calls to `toString` where the first argument is the string `"base64"`.
*/
private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCallNode {
private class Buffer_toString extends Base64::Encode::Range, DataFlow::MethodCallNode {
Buffer_toString() {
getMethodName() = "toString" and
getArgument(0).mayHaveStringValue("base64")
@@ -124,6 +112,18 @@ private class Buffer_toString extends Base64::Decode::Range, DataFlow::MethodCal
override DataFlow::Node getOutput() { result = this }
}
/** A call to `Buffer.from` with encoding `base64`. */
private class Buffer_from extends Base64::Decode::Range, DataFlow::CallNode {
Buffer_from() {
this = DataFlow::globalVarRef("Buffer").getAMemberCall("from") and
getArgument(1).mayHaveStringValue("base64")
}
override DataFlow::Node getInput() { result = getArgument(0) }
override DataFlow::Node getOutput() { result = this }
}
/**
* A call to a base64 encoding function from one of the npm packages
* `base-64`, `js-base64`, `Base64`, or `base64-js`.

8
javascript/ql/test/library-tests/frameworks/Base64/tests.expected
View File

@@ -1,7 +1,7 @@
test_Encode
| Base64.js:4:17:4:33 | Base64.btoa(data) |
| base64-js.js:4:17:4:40 | base64. ... y(data) |
| base64.js:2:17:2:43 | Buffer. ... ase64') |
| base64.js:3:10:3:35 | encoded ... ase64') |
| base-64.js:4:17:4:35 | base64.encode(data) |
| dom.js:2:17:2:26 | btoa(data) |
| js-base64.js:4:17:4:35 | base64.encode(data) |
@@ -11,7 +11,7 @@ test_Encode
test_Encode_input_output
| Base64.js:4:17:4:33 | Base64.btoa(data) | Base64.js:4:29:4:32 | data | Base64.js:4:17:4:33 | Base64.btoa(data) |
| base64-js.js:4:17:4:40 | base64. ... y(data) | base64-js.js:4:36:4:39 | data | base64-js.js:4:17:4:40 | base64. ... y(data) |
| base64.js:2:17:2:43 | Buffer. ... ase64') | base64.js:2:29:2:32 | data | base64.js:2:17:2:43 | Buffer. ... ase64') |
| base64.js:3:10:3:35 | encoded ... ase64') | base64.js:3:10:3:16 | encoded | base64.js:3:10:3:35 | encoded ... ase64') |
| base-64.js:4:17:4:35 | base64.encode(data) | base-64.js:4:31:4:34 | data | base-64.js:4:17:4:35 | base64.encode(data) |
| dom.js:2:17:2:26 | btoa(data) | dom.js:2:22:2:25 | data | dom.js:2:17:2:26 | btoa(data) |
| js-base64.js:4:17:4:35 | base64.encode(data) | js-base64.js:4:31:4:34 | data | js-base64.js:4:17:4:35 | base64.encode(data) |
@@ -21,7 +21,7 @@ test_Encode_input_output
test_Decode
| Base64.js:5:10:5:29 | Base64.atob(encoded) |
| base64-js.js:5:10:5:38 | base64. ... ncoded) |
| base64.js:3:10:3:35 | encoded ... ase64') |
| base64.js:2:17:2:43 | Buffer. ... ase64') |
| base-64.js:5:10:5:31 | base64. ... ncoded) |
| dom.js:3:10:3:22 | atob(encoded) |
| js-base64.js:5:10:5:31 | base64. ... ncoded) |
@@ -31,7 +31,7 @@ test_Decode
test_Decode_input_output
| Base64.js:5:10:5:29 | Base64.atob(encoded) | Base64.js:5:22:5:28 | encoded | Base64.js:5:10:5:29 | Base64.atob(encoded) |
| base64-js.js:5:10:5:38 | base64. ... ncoded) | base64-js.js:5:31:5:37 | encoded | base64-js.js:5:10:5:38 | base64. ... ncoded) |
| base64.js:3:10:3:35 | encoded ... ase64') | base64.js:3:10:3:16 | encoded | base64.js:3:10:3:35 | encoded ... ase64') |
| base64.js:2:17:2:43 | Buffer. ... ase64') | base64.js:2:29:2:32 | data | base64.js:2:17:2:43 | Buffer. ... ase64') |
| base-64.js:5:10:5:31 | base64. ... ncoded) | base-64.js:5:24:5:30 | encoded | base-64.js:5:10:5:31 | base64. ... ncoded) |
| dom.js:3:10:3:22 | atob(encoded) | dom.js:3:15:3:21 | encoded | dom.js:3:10:3:22 | atob(encoded) |
| js-base64.js:5:10:5:31 | base64. ... ncoded) | js-base64.js:5:24:5:30 | encoded | js-base64.js:5:10:5:31 | base64. ... ncoded) |