hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 15:33:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b6720ce2c68e2637ffbfba6971cca46acd2c45d
codeql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
Asger F 83095535f9 JS: Port UnvalidatedDynamicMethodCall
2023-10-13 13:15:06 +02:00

25 lines
931 B
Plaintext
Raw Blame History

/**
* @name Unvalidated dynamic method call
* @description Calling a method with a user-controlled name may dispatch to
* an unexpected target, which could cause an exception.
* @kind path-problem
* @problem.severity warning
* @security-severity 7.5
* @precision high
* @id js/unvalidated-dynamic-method-call
* @tags security
* external/cwe/cwe-754
*/
import javascript
import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallQuery
import DataFlow::DeduplicatePathGraph<UnvalidatedDynamicMethodCallFlow::PathNode, UnvalidatedDynamicMethodCallFlow::PathGraph>
from PathNode source, PathNode sink
where
UnvalidatedDynamicMethodCallFlow::flowPath(source.getAnOriginalPathNode(),
sink.getAnOriginalPathNode())
select sink.getNode(), source, sink,
"Invocation of method with $@ name may dispatch to unexpected target and cause an exception.",
source.getNode(), "user-controlled"
Reference in New Issue View Git Blame Copy Permalink