hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
Asger Feldthaus c812bd948a JS: Add @problem.severity to an example query
2021-03-25 15:14:48 +00:00

24 lines
696 B
Plaintext
Raw Permalink Blame History

/**
* @name Taint-tracking to 'eval' calls
* @description Tracks user-controlled values into 'eval' calls (special case of js/code-injection).
* @kind problem
* @problem.severity error
* @tags security
* @id js/examples/eval-taint
*/
import javascript
import DataFlow
class EvalTaint extends TaintTracking::Configuration {
EvalTaint() { this = "EvalTaint" }
override predicate isSource(Node node) { node instanceof RemoteFlowSource }
override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) }
}
from EvalTaint cfg, Node source, Node sink
where cfg.hasFlow(source, sink)
select sink, "Eval with user-controlled input from $@.", source, "here"
Reference in New Issue View Git Blame Copy Permalink