codeql/javascript/ql/src/Security/CWE-117/LogInjection.ql
2020-12-01 09:18:40 +01:00


/**
* @name Log Injection
* @description Building log entries from user-controlled sources is vulnerable to
* insertion of forged log entries by a malicious user.
* @kind path-problem
* @problem.severity error
* @precision medium
* @id js/log-injection
* @tags security
* external/cwe/cwe-117
*/
import javascript
import DataFlow::PathGraph
import semmle.javascript.security.dataflow.LogInjection::LogInjection
// Path query: reports every data-flow path accepted by LogInjectionConfiguration.
// Which nodes count as sources, sinks and sanitizers is decided by that configuration
// (presumably in the imported LogInjection module), not in this file; review it when
// triaging results, since the query is declared @precision medium.
from LogInjectionConfiguration cfg, DataFlow::PathNode src, DataFlow::PathNode snk
where cfg.hasFlowPath(src, snk)
select
  // Alert location: the node at the end of the path (the log entry, per the message).
  snk.getNode(),
  // Start and end of the path, selected so the result can be shown as a path.
  src, snk,
  // "$@" is the placeholder filled by src.getNode(), shown as "User-provided value".
  "$@ flows to log entry.", src.getNode(), "User-provided value"