hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-12 02:09:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fcfab5238e4bcde13202e6dc7aa80a20609f9907
codeql/javascript/ql/lib/semmle/javascript/security/dataflow/XxeCustomizations.qll
erik-krogh b3a9c1ca06 Py/JS/RB: Use instanceof in more places
2022-12-12 16:06:57 +01:00

51 lines
1.5 KiB
Plaintext
Raw Blame History

/**
* Provides default sources, sinks and sanitizers for reasoning about
* XML External Entity (XXE) vulnerabilities, as well as extension
* points for adding your own.
*/
import javascript
import semmle.javascript.security.dataflow.DOM
module Xxe {
/**
* A data flow source for XXE vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for XXE vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for XXE vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A source of remote user input, considered as a flow source for XXE vulnerabilities. */
class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
/**
* An access to `document.location`, considered as a flow source for XXE vulnerabilities.
*/
class LocationAsSource extends Source {
LocationAsSource() { isLocationNode(this) }
}
/**
* A call to an XML parser that performs external entity expansion, viewed
* as a data flow sink for XXE vulnerabilities.
*/
class XmlParsingWithExternalEntityResolution extends Sink, DataFlow::ValueNode {
XmlParsingWithExternalEntityResolution() {
exists(XML::ParserInvocation parse | astNode = parse.getSourceArgument() |
parse.resolvesEntities(XML::ExternalEntity(_))
or
parse.resolvesEntities(XML::ParameterEntity(true)) and
parse.resolvesEntities(XML::InternalEntity())
)
}
}
}
Reference in New Issue View Git Blame Copy Permalink