hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-07 22:31:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7524d70e5d5d8d07d57700e6bea390ba201a2778
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
erik-krogh 26d8553f6e ensure consistent casing of names
2022-09-09 10:34:14 +02:00

71 lines
2.0 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for reasoning about
* cleartext storage of sensitive information, as well as extension
* points for adding your own.
*/
import javascript
private import semmle.javascript.security.SensitiveActions
module CleartextStorage {
/**
* A data flow source for cleartext storage of sensitive information.
*/
abstract class Source extends DataFlow::Node {
/** Gets a string that describes the type of this data flow source. */
abstract string describe();
}
/**
* A data flow sink for cleartext storage of sensitive information.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for cleartext storage of sensitive information.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A sensitive expression, viewed as a data flow source for cleartext storage
* of sensitive information.
*/
class SensitiveExprSource extends Source instanceof SensitiveNode {
SensitiveExprSource() {
// storing user names or account names in plaintext isn't usually a problem
super.getClassification() != SensitiveDataClassification::id()
}
override string describe() { result = SensitiveNode.super.describe() }
}
/** A call to any function whose name suggests that it encodes or encrypts its arguments. */
class ProtectSanitizer extends Sanitizer {
ProtectSanitizer() { this instanceof ProtectCall }
}
/**
* An expression set as a value on a cookie instance.
*/
class CookieStorageSink extends Sink {
CookieStorageSink() {
exists(Http::CookieDefinition cookieDef |
this = cookieDef.getValueArgument() or
this = cookieDef.getHeaderArgument()
)
}
}
/**
* An expression set as a value of localStorage or sessionStorage.
*/
class WebStorageSink extends Sink instanceof WebStorageWrite { }
/**
* An expression stored by AngularJS.
*/
class AngularJSStorageSink extends Sink {
AngularJSStorageSink() { any(AngularJS::AngularJSCallNode call).storesArgumentGlobally(this) }
}
}
Reference in New Issue View Git Blame Copy Permalink