hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-28 13:53:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f083e87fa159904b2cf2d89657b78dfdc87ef098
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombCustomizations.qll
Andrew Eisenberg 45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
2021-08-25 12:15:56 -07:00

50 lines
1.4 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for reasoning about
* XML-bomb vulnerabilities, as well as extension points for adding
* your own.
*/
import javascript
import semmle.javascript.security.dataflow.DOM
module XmlBomb {
/**
* A data flow source for XML-bomb vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for XML-bomb vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for XML-bomb vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A source of remote user input, considered as a flow source for XML bomb vulnerabilities. */
class RemoteFlowSourceAsSource extends Source {
RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
}
/**
* An access to `document.location`, considered as a flow source for XML bomb vulnerabilities.
*/
class LocationAsSource extends Source, DataFlow::ValueNode {
LocationAsSource() { isLocation(astNode) }
}
/**
* A call to an XML parser that performs internal entity expansion, viewed
* as a data flow sink for XML-bomb vulnerabilities.
*/
class XmlParsingWithEntityResolution extends Sink, DataFlow::ValueNode {
XmlParsingWithEntityResolution() {
exists(XML::ParserInvocation parse | astNode = parse.getSourceArgument() |
parse.resolvesEntities(XML::InternalEntity())
)
}
}
}
Reference in New Issue View Git Blame Copy Permalink