hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 20:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3d46129bbfbc9ad3132d967dc22cff714cb0d605
codeql/javascript/ql/lib/semmle/javascript/frameworks/JWT.qll
Erik Krogh Kristensen 0c4f08c841 refactor the CredentialsExpr to be a dataflow node
2022-09-05 16:11:54 +02:00

51 lines
1.4 KiB
Plaintext
Raw Blame History

/**
* Provides classes for working with JWT libraries.
*/
import javascript
/**
* Provides classes and predicates modeling the `jwt-decode` library.
*/
private module JwtDecode {
/**
* A taint-step for `succ = require("jwt-decode")(pred)`.
*/
private class JwtDecodeStep extends TaintTracking::SharedTaintStep {
override predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call |
call = DataFlow::moduleImport("jwt-decode").getACall() and
pred = call.getArgument(0) and
succ = call
)
}
}
}
/**
* Provides classes and predicates modeling the `jsonwebtoken` library.
*/
private module JsonWebToken {
/**
* A taint-step for `require("jsonwebtoken").verify(pred, "key", (err succ) => {...})`.
*/
private class VerifyStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call |
call = DataFlow::moduleMember("jsonwebtoken", "verify").getACall() and
pred = call.getArgument(0) and
succ = call.getABoundCallbackParameter(2, 1)
)
}
}
/**
* The private key for a JWT as a `CredentialsNode`.
*/
private class JwtKey extends CredentialsNode {
JwtKey() { this = DataFlow::moduleMember("jsonwebtoken", "sign").getACall().getArgument(1) }
override string getCredentialsKind() { result = "key" }
}
}
Reference in New Issue View Git Blame Copy Permalink