mirror of
https://github.com/github/codeql.git
synced 2026-03-23 07:56:54 +01:00
93 lines
2.8 KiB
Plaintext
93 lines
2.8 KiB
Plaintext
/**
|
|
* Provides classes for importing source, sink and flow step summaries
|
|
* through external predicates.
|
|
*/
|
|
|
|
import javascript
|
|
import semmle.javascript.dataflow.Portals
|
|
import external.ExternalArtifact
|
|
|
|
/**
|
|
* An external predicate providing information about additional sources.
|
|
*
|
|
* This predicate can be populated from the output of the `ExtractSourceSummaries` query.
|
|
*/
|
|
external predicate additionalSources(string portal, string flowLabel, string config);
|
|
|
|
/**
|
|
* An external predicate providing information about additional sinks.
|
|
*
|
|
* This predicate can be populated from the output of the `ExtractSinkSummaries` query.
|
|
*/
|
|
external predicate additionalSinks(string portal, string flowLabel, string config);
|
|
|
|
/**
|
|
* An external predicate providing information about additional flow steps.
|
|
*
|
|
* This predicate can be populated from the output of the `ExtractFlowStepSummaries` query.
|
|
*/
|
|
external predicate additionalSteps(string startPortal, string startFlowLabel, string endPortal, string endFlowLabel, string config);
|
|
|
|
/**
|
|
* An additional source specified through the `additionalSources` predicate.
|
|
*/
|
|
private class AdditionalSourceFromSpec extends DataFlow::AdditionalSource {
|
|
Portal portal;
|
|
string flowLabel;
|
|
string config;
|
|
|
|
AdditionalSourceFromSpec() {
|
|
additionalSources(portal.toString(), flowLabel, config) and
|
|
this = portal.getAnExitNode(_)
|
|
}
|
|
|
|
override predicate isSourceFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
|
|
cfg.toString() = config and
|
|
lbl = flowLabel
|
|
}
|
|
}
|
|
|
|
/**
|
|
* An additional sink specified through the `additionalSinks` predicate.
|
|
*/
|
|
private class AdditionalSinkFromSpec extends DataFlow::AdditionalSink {
|
|
Portal portal;
|
|
string flowLabel;
|
|
string config;
|
|
|
|
AdditionalSinkFromSpec() {
|
|
additionalSinks(portal.toString(), flowLabel, config) and
|
|
this = portal.getAnEntryNode(_)
|
|
}
|
|
|
|
override predicate isSinkFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
|
|
cfg.toString() = config and
|
|
lbl = flowLabel
|
|
}
|
|
}
|
|
/**
|
|
* An additional flow step specified through the `additionalSteps` predicate.
|
|
*/
|
|
private class AdditionalFlowStepFromSpec extends DataFlow::Configuration {
|
|
DataFlow::Node entry;
|
|
string startFlowLabel;
|
|
DataFlow::Node exit;
|
|
string endFlowLabel;
|
|
|
|
AdditionalFlowStepFromSpec() {
|
|
exists (Portal startPortal, Portal endPortal |
|
|
additionalSteps(startPortal.toString(), startFlowLabel, endPortal.toString(), endFlowLabel, this) and
|
|
entry = startPortal.getAnEntryNode(_) and
|
|
exit = endPortal.getAnExitNode(_)
|
|
)
|
|
}
|
|
|
|
override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ,
|
|
DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) {
|
|
pred = entry and
|
|
succ = exit and
|
|
predlbl = startFlowLabel and
|
|
succlbl = endFlowLabel
|
|
}
|
|
}
|