hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 22:44:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
413c11171ea6b64b4a600c92717ef81c54df2c6b
codeql/javascript/ql/experimental/CorsPermissiveConfigurationCustomizations.qll
Maiky 413c11171e Move to /experimental
2023-11-23 11:00:47 +01:00

74 lines
2.2 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for reasoning about
* overly permissive CORS configurations, as well as
* extension points for adding your own.
*/
import javascript
/** Module containing sources, sinks, and sanitizers for overly permissive CORS configurations. */
module CorsPermissiveConfiguration {
/**
* A data flow source for permissive CORS configuration.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for permissive CORS configuration.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for permissive CORS configuration.
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A source of remote user input, considered as a flow source for CORS misconfiguration. */
class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
}
/** A flow label representing `true` and `null` values. */
abstract class TrueAndNull extends DataFlow::FlowLabel {
TrueAndNull() { this = "TrueAndNull" }
}
TrueAndNull truenullLabel() { any() }
/** A flow label representing `*` value. */
abstract class Wildcard extends DataFlow::FlowLabel {
Wildcard() { this = "Wildcard" }
}
Wildcard wildcardLabel() { any() }
/** An overly permissive value for `origin` (Apollo) */
class TrueNullValue extends Source {
TrueNullValue() { this.mayHaveBooleanValue(true) or this.asExpr() instanceof NullLiteral }
}
/** An overly permissive value for `origin` (Express) */
class WildcardValue extends Source {
WildcardValue() { this.mayHaveStringValue("*") }
}
/**
* The value of cors origin when initializing the application.
*/
class CorsApolloServer extends Sink, DataFlow::ValueNode {
CorsApolloServer() {
exists(Apollo::ApolloServer agql |
this =
agql.getOptionArgument(0, "cors").getALocalSource().getAPropertyWrite("origin").getRhs()
)
}
}
/**
* The value of cors origin when initializing the application.
*/
class ExpressCors extends Sink, DataFlow::ValueNode {
ExpressCors() { exists(Express::CorsConfiguration config | this = config.getOrigin()) }
}
}
Reference in New Issue View Git Blame Copy Permalink