hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-06 05:57:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
703cea2b65040ddb44fe821b30bd2071919970e6
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll
Asger F fd763a0883 JS: Auto-patch diff informed queries
2025-01-20 11:20:27 +01:00

39 lines
1.1 KiB
Plaintext
Raw Blame History

/**
* Provides a taint tracking configuration for reasoning about host header
* poisoning in email generation.
*/
import javascript
/**
* A taint tracking configuration for host header poisoning.
*/
module HostHeaderPoisoningConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
exists(Http::RequestHeaderAccess input | node = input |
input.getKind() = "header" and
input.getAHeaderName() = "host"
)
}
predicate isSink(DataFlow::Node node) { exists(EmailSender email | node = email.getABody()) }
predicate observeDiffInformedIncrementalMode() { any() }
}
/**
* Taint tracking configuration host header poisoning.
*/
module HostHeaderPoisoningFlow = TaintTracking::Global<HostHeaderPoisoningConfig>;
/**
* DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead.
*/
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "TaintedHostHeader" }
override predicate isSource(DataFlow::Node node) { HostHeaderPoisoningConfig::isSource(node) }
override predicate isSink(DataFlow::Node node) { HostHeaderPoisoningConfig::isSink(node) }
}
Reference in New Issue View Git Blame Copy Permalink