hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-12 02:09:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fcfab5238e4bcde13202e6dc7aa80a20609f9907
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll

40 lines
1.2 KiB
Plaintext
Raw Blame History

/**
* Provides a taint tracking configuration for reasoning about string based
* query injection vulnerabilities
*
* Note, for performance reasons: only import this file if
* `SqlInjection::Configuration` is needed, otherwise
* `SqlInjectionCustomizations` should be imported instead.
*/
import javascript
import SqlInjectionCustomizations::SqlInjection
/**
* A taint-tracking configuration for reasoning about string based query injection vulnerabilities.
*/
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "SqlInjection" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(LdapJS::TaintPreservingLdapFilterStep filter |
pred = filter.getInput() and
succ = filter.getOutput()
)
or
exists(HtmlSanitizerCall call |
pred = call.getInput() and
succ = call
)
}
}
Reference in New Issue View Git Blame Copy Permalink