hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

change StoredXss example to use TypeTracking

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-08-20 15:05:38 +02:00
parent 906705f84c
commit fa8edeed6a
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql → javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql
View File

@@ -15,18 +15,18 @@ import DataFlow::PathGraph
/**
* An instance of `mysql.createConnection()`, tracked globally.
*/
class MysqlConnection extends TrackedNode {
MysqlConnection() { this = moduleImport("mysql").getAMemberCall("createConnection") }
/**
* Gets a call to the `query` method on this connection object.
*/
MethodCallNode getAQueryCall() {
this.flowsTo(result.getReceiver()) and
result.getMethodName() = "query"
}
DataFlow::SourceNode mysqlConnection(DataFlow::TypeTracker t) {
t.start() and
result = moduleImport("mysql").getAMemberCall("createConnection")
or
exists(DataFlow::TypeTracker t2 | result = mysqlConnection(t2).track(t2, t))
}
/**
* An instance of `mysql.createConnection()`, tracked globally.
*/
DataFlow::SourceNode mysqlConnection() { result = mysqlConnection(DataFlow::TypeTracker::end()) }
/**
* Data returned from a MySQL query.
*
@@ -42,7 +42,7 @@ class MysqlConnection extends TrackedNode {
* ```
*/
class MysqlSource extends StoredXss::Source {
MysqlSource() { this = any(MysqlConnection con).getAQueryCall().getCallback(1).getParameter(1) }
MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) }
}
from StoredXss::Configuration cfg, PathNode source, PathNode sink