hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
51a0b6d501323ab2bb93f0f7994237a162208b78
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll
Andrew Eisenberg 45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
2021-08-25 12:15:56 -07:00

40 lines
1.4 KiB
Plaintext
Raw Blame History

/**
* Provides a taint-tracking configuration for reasoning about
* template object injection vulnerabilities.
*
* Note, for performance reasons: only import this file if
* `TemplateObjectInjection::Configuration` is needed, otherwise
* `TemplateObjectInjectionCustomizations` should be imported instead.
*/
import javascript
import TemplateObjectInjectionCustomizations::TemplateObjectInjection
private import semmle.javascript.security.TaintedObject
/**
* A taint tracking configuration for reasoning about template object injection vulnerabilities.
*/
class TemplateObjInjectionConfig extends TaintTracking::Configuration {
TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" }
override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
source.(Source).getAFlowLabel() = label
}
override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
sink instanceof Sink and label = TaintedObject::label()
}
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
guard instanceof TaintedObject::SanitizerGuard
}
override predicate isAdditionalFlowStep(
DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
) {
TaintedObject::step(src, trg, inlbl, outlbl)
}
}
Reference in New Issue View Git Blame Copy Permalink