mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
35 lines
1.1 KiB
Plaintext
35 lines
1.1 KiB
Plaintext
import javascript
|
|
private import semmle.javascript.security.dataflow.Xss
|
|
|
|
query Angular2::PipeRefExpr pipeRef() { any() }
|
|
|
|
query CallExpr pipeCall() { result.getCallee() instanceof Angular2::PipeRefExpr }
|
|
|
|
query CallExpr pipeCallArg(int i, Expr arg) {
|
|
result.getCallee() instanceof Angular2::PipeRefExpr and
|
|
result.getArgument(i) = arg
|
|
}
|
|
|
|
query Angular2::PipeClass pipeClass() { any() }
|
|
|
|
query DataFlow::Node pipeClassRef(Angular2::PipeClass cls) { result = cls.getAPipeRef() }
|
|
|
|
class TaintConfig extends TaintTracking::Configuration {
|
|
TaintConfig() { this = "TaintConfig" }
|
|
|
|
override predicate isSource(DataFlow::Node source) {
|
|
source.(DataFlow::CallNode).getCalleeName() = "source"
|
|
}
|
|
|
|
override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink }
|
|
}
|
|
|
|
query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
|
|
any(TaintConfig c).hasFlow(source, sink)
|
|
}
|
|
|
|
query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) {
|
|
attrib.getName() = "[testAttr]" and
|
|
top = attrib.getCodeInAttribute()
|
|
}
|