Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4e4597a

Browse files
author
Esben Sparre Andreasen
committed
JS: replace HTTP::RequestBody with ClientRequest.getADataNode
1 parent 0fc56e4 commit 4e4597a

5 files changed

Lines changed: 11 additions & 31 deletions

File tree

javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ private class RequestUrlRequest extends CustomClientRequest {
106106
}
107107

108108
override DataFlow::Node getADataNode() {
109-
none()
109+
result = getArgument(1)
110110
}
111111

112112
}

javascript/ql/src/semmle/javascript/frameworks/HTTP.qll

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -132,11 +132,6 @@ module HTTP {
132132
result = "http" or result = "https"
133133
}
134134

135-
/**
136-
* An expression whose value is sent as (part of) the body of an HTTP request (POST, PUT).
137-
*/
138-
abstract class RequestBody extends DataFlow::Node {}
139-
140135
/**
141136
* An expression whose value is sent as (part of) the body of an HTTP response.
142137
*/

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -775,7 +775,7 @@ module NodeJSLib {
775775
}
776776

777777
override DataFlow::Node getADataNode() {
778-
none()
778+
result = getAMethodCall("write").getArgument(0)
779779
}
780780

781781
}
@@ -811,18 +811,6 @@ module NodeJSLib {
811811
result = "http.request data parameter"
812812
}
813813
}
814-
815-
/**
816-
* An argument to client request.write () method, can be used to write body to a HTTP or HTTPS POST/PUT request,
817-
* or request option (like headers, cookies, even url)
818-
*/
819-
class HttpRequestWriteArgument extends HTTP::RequestBody, DataFlow::Node {
820-
HttpRequestWriteArgument () {
821-
exists(CustomClientRequest req |
822-
this = req.getAMethodCall("write").getArgument(0) or
823-
this = req.getArgument(0))
824-
}
825-
}
826814

827815
/**
828816
* A data flow node that is registered as a callback for an HTTP or HTTPS request made by a Node.js process, for example the function `handler` in `http.request(url).on(message, handler)`.

javascript/ql/src/semmle/javascript/frameworks/Request.qll

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -44,13 +44,5 @@ module Request {
4444
}
4545

4646
}
47-
48-
// using 'request' library to make http 'POST' and 'PUT' requests with message body.
49-
private class RequestPostBody extends HTTP::RequestBody {
50-
RequestPostBody () {
51-
this = DataFlow::moduleMember("request", "post").getACall().getArgument(1) or
52-
this = DataFlow::moduleImport("request").getAnInvocation().getArgument(0)
53-
}
54-
}
5547

5648
}

javascript/ql/src/semmle/javascript/security/dataflow/FileAccessToHttp.qll

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,10 +62,15 @@ module FileAccessToHttpDataFlow {
6262
}
6363
}
6464

65-
/** Sink is any parameter or argument that evaluates to a parameter ot a function or call that sets Http Body on a request */
66-
private class HttpRequestBodyAsSink extends Sink {
67-
HttpRequestBodyAsSink () {
68-
this instanceof HTTP::RequestBody
65+
/**
66+
* The URL or data of a client request, viewed as a sink.
67+
*/
68+
private class ClientRequestUrlOrDataAsSink extends Sink {
69+
ClientRequestUrlOrDataAsSink () {
70+
exists (ClientRequest req |
71+
this = req.getUrl() or
72+
this = req.getADataNode()
73+
)
6974
}
7075
}
7176
}

0 commit comments

Comments
 (0)