mirror of
https://github.com/github/codeql.git
synced 2026-02-23 18:33:42 +01:00
28 lines
903 B
Plaintext
28 lines
903 B
Plaintext
/**
|
|
* @name Sensitive data read from GET request
|
|
* @description Placing sensitive data in a GET request increases the risk of
|
|
* the data being exposed to an attacker.
|
|
* @kind problem
|
|
* @problem.severity warning
|
|
* @security-severity 6.5
|
|
* @precision high
|
|
* @id js/sensitive-get-query
|
|
* @tags security
|
|
* external/cwe/cwe-598
|
|
*/
|
|
|
|
import javascript
|
|
|
|
from
|
|
Routing::RouteSetup setup, Routing::RouteHandler handler, HTTP::RequestInputAccess input,
|
|
SensitiveExpr sensitive
|
|
where
|
|
setup.getOwnHttpMethod() = "GET" and
|
|
setup.getAChild+() = handler and
|
|
input.getRouteHandler() = handler.getFunction() and
|
|
input.getKind() = "parameter" and
|
|
input.(DataFlow::SourceNode).flowsToExpr(sensitive) and
|
|
not sensitive.getClassification() = SensitiveDataClassification::id()
|
|
select input, "$@ for GET requests uses query parameter as sensitive data.", handler,
|
|
"Route handler"
|