
Commit 11d6259

author
Max Schaefer
committed
JavaScript: Move from Node to PathNode.
1 parent 8d87f55 commit 11d6259

29 files changed

Lines changed: 93 additions & 93 deletions

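--- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -18,6 +18,6 @@ import javascript
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "This path depends on $@.", source, "a user-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "This path depends on $@.", source, "a user-provided value"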
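Review bot: The new `select` keeps the plain problem layout (element, message, link, label), so although `source` and `sink` are now `PathNode`s and `DataFlow::PathGraph` is imported, no path columns are selected and a reviewer triaging the alert still sees only the two end points. If the `@kind` metadata (above the hunk, not visible here) is meant to become `path-problem`, the select needs the two path nodes right after the element, e.g. `select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(), "a user-provided value"`. The sink is unwrapped with `getNode()` while `source` stays a `PathNode` in the `$@` slot; unwrapping both would keep the link target an ordinary data-flow node. The same applies to the selects in CommandInjection, ReflectedXss, StoredXss, Xss, SqlInjection, CodeInjection, TaintedFormatString, FileAccessToHttp and StackTraceExposure.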

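--- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -16,10 +16,10 @@ import javascript
 import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
-where cfg.hasFlow(source, sink) and
-if cfg.isSinkWithHighlight(sink, _) then
-cfg.isSinkWithHighlight(sink, highlight)
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight
+where cfg.hasPathFlow(source, sink) and
+if cfg.isSinkWithHighlight(sink.getNode(), _) then
+cfg.isSinkWithHighlight(sink.getNode(), highlight)
 else
-highlight = sink
+highlight = sink.getNode()
 select highlight, "This command depends on $@.", source, "a user-provided value"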
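Review bot: The alert is reported at `highlight`, which may be a different node from the one where the tracked flow ends (`sink.getNode()`), and nothing in the query says so. A comment above the `if` would make that explicit, e.g. `// report at the highlighted node when the configuration provides one, otherwise at the sink itself`. Once path columns are selected, the reported location and the last path step could differ, which is worth noting in the same comment so that triage does not read it as a broken path. `isSinkWithHighlight` is defined outside this hunk, so how often the two nodes differ cannot be judged from here.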

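--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Cross-site scripting vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Cross-site scripting vulnerability due to $@.",
 source, "user-provided value"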

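--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Stored cross-site scripting vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Stored cross-site scripting vulnerability due to $@.",
 source, "stored value"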

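--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, sink.(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
 source, "user-provided value"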
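Review bot: The inline cast in `sink.getNode().(Sink).getVulnerabilityKind()` also acts as a filter: a flow whose end node is not a `Sink` instance produces no row at all, so the alert would be dropped silently rather than reported with a generic message. Whether that can happen depends on how `isSink` is defined in the DomBasedXss configuration, which is not visible in this hunk. If every sink is a `Sink` by construction, a comment on the select would record that, e.g. `// isSink only holds for Sink instances, so this cast never filters results`.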

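--- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -15,8 +15,8 @@ import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
 import DataFlow::PathGraph
 
-from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where (cfg instanceof SqlInjection::Configuration or
 cfg instanceof NosqlInjection::Configuration) and
-cfg.hasFlow(source, sink)
-select sink, "This query depends on $@.", source, "a user-provided value"
+cfg.hasPathFlow(source, sink)
+select sink.getNode(), "This query depends on $@.", source, "a user-provided value"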

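--- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -16,6 +16,6 @@ import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows to here and is interpreted as code.", source, "User-provided value"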

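--- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -13,6 +13,6 @@ import javascript
 import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "$@ flows here and is used in a format string.", source, "User-provided value"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows here and is used in a format string.", source, "User-provided value"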

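--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -12,6 +12,6 @@ import javascript
 import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow (source, sink)
-select sink, "$@ flows directly to outbound network request", source, "File data"
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "$@ flows directly to outbound network request", source, "File data"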

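--- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -15,7 +15,7 @@ import javascript
 import semmle.javascript.security.dataflow.StackTraceExposure::StackTraceExposure
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
-where cfg.hasFlow(source, sink)
-select sink, "Stack trace information from $@ may be exposed to an external user here.",
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasPathFlow(source, sink)
+select sink.getNode(), "Stack trace information from $@ may be exposed to an external user here.",
 source, "here"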
