mirror of
https://github.com/github/codeql.git
synced 2026-03-22 15:36:48 +01:00
23 lines
702 B
Plaintext
23 lines
702 B
Plaintext
/**
|
|
* @name Uncontrolled data used in path expression
|
|
* @description Accessing paths influenced by users can allow an attacker to access
|
|
* unexpected resources.
|
|
* @kind path-problem
|
|
* @problem.severity error
|
|
* @precision high
|
|
* @id js/path-injection
|
|
* @tags security
|
|
* external/cwe/cwe-022
|
|
* external/cwe/cwe-023
|
|
* external/cwe/cwe-036
|
|
* external/cwe/cwe-073
|
|
* external/cwe/cwe-099
|
|
*/
|
|
|
|
import javascript
|
|
import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
|
|
|
|
from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
|
|
where cfg.hasFlow(source, sink)
|
|
select sink, "This path depends on $@.", source, "a user-provided value"
|