hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 13:53:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f083e87fa159904b2cf2d89657b78dfdc87ef098
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
Andrew Eisenberg 45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
2021-08-25 12:15:56 -07:00

77 lines
2.1 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for reasoning about
* cleartext storage of sensitive information, as well as extension
* points for adding your own.
*/
import javascript
private import semmle.javascript.security.SensitiveActions
module CleartextStorage {
/**
* A data flow source for cleartext storage of sensitive information.
*/
abstract class Source extends DataFlow::Node {
/** Gets a string that describes the type of this data flow source. */
abstract string describe();
}
/**
* A data flow sink for cleartext storage of sensitive information.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for cleartext storage of sensitive information.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A sensitive expression, viewed as a data flow source for cleartext storage
* of sensitive information.
*/
class SensitiveExprSource extends Source, DataFlow::ValueNode {
override SensitiveExpr astNode;
SensitiveExprSource() {
// storing user names or account names in plaintext isn't usually a problem
astNode.getClassification() != SensitiveDataClassification::id()
}
override string describe() { result = astNode.describe() }
}
/** A call to any function whose name suggests that it encodes or encrypts its arguments. */
class ProtectSanitizer extends Sanitizer {
ProtectSanitizer() { this instanceof ProtectCall }
}
/**
* An expression set as a value on a cookie instance.
*/
class CookieStorageSink extends Sink {
CookieStorageSink() {
exists(HTTP::CookieDefinition cookieDef |
this.asExpr() = cookieDef.getValueArgument() or
this.asExpr() = cookieDef.getHeaderArgument()
)
}
}
/**
* An expression set as a value of localStorage or sessionStorage.
*/
class WebStorageSink extends Sink {
WebStorageSink() { this.asExpr() instanceof WebStorageWrite }
}
/**
* An expression stored by AngularJS.
*/
class AngularJSStorageSink extends Sink {
AngularJSStorageSink() {
any(AngularJS::AngularJSCall call).storesArgumentGlobally(this.asExpr())
}
}
}
Reference in New Issue View Git Blame Copy Permalink