
Commit 63343b1

committed
JS: Port StackTraceExposure
1 parent d446444 commit 63343b1

3 files changed

Lines changed: 39 additions & 32 deletions


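--- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll
@@ -14,14 +14,10 @@ import StackTraceExposureCustomizations::StackTraceExposure
 * A taint-tracking configuration for reasoning about stack trace
 * exposure problems.
 */
-class Configuration extends TaintTracking::Configuration {
-Configuration() { this = "StackTraceExposure" }
-
-override predicate isSource(DataFlow::Node src) { src instanceof Source }
+module StackTraceExposureConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node src) { src instanceof Source }
 
-override predicate isSanitizer(DataFlow::Node nd) {
-super.isSanitizer(nd)
-or
+predicate isBarrier(DataFlow::Node nd) {
 // read of a property other than `stack`
 nd.(DataFlow::PropRead).getPropertyName() != "stack"
 or
@@ -31,5 +27,27 @@ class Configuration extends TaintTracking::Configuration {
 nd = StringConcatenation::getAnOperand(_)
 }
 
+predicate isSink(DataFlow::Node snk) { snk instanceof Sink }
+}
+
+/**
+* Taint-tracking for reasoning about stack trace exposure problems.
+*/
+module StackTraceExposureFlow = TaintTracking::Global<StackTraceExposureConfig>;
+
+/**
+* DEPRECATED. Use the `StackTraceExposureFlow` module instead.
+*/
+deprecated class Configuration extends TaintTracking::Configuration {
+Configuration() { this = "StackTraceExposure" }
+
+override predicate isSource(DataFlow::Node src) { src instanceof Source }
+
+override predicate isSanitizer(DataFlow::Node nd) {
+super.isSanitizer(nd)
+or
+StackTraceExposureConfig::isBarrier(nd)
+}
+
 override predicate isSink(DataFlow::Node snk) { snk instanceof Sink }
 }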
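Review bot: `isBarrier` in `StackTraceExposureConfig` has no QLDoc, yet it is now the one definition both the new flow module and the deprecated `Configuration.isSanitizer` depend on, and it decides what this CWE-209 query will not report. The visible disjuncts cut flow at any named property read other than `stack` and at string-concatenation operands, so an error object read back out of a wrapper property is presumably not tracked; I would state that as intended with something like `/** Holds if flow through nd is ignored because nd is not expected to carry the stack trace itself. */`. The new predicate also omits the old `super.isSanitizer(nd)` disjunct, which is fine only if `TaintTracking::Global` supplies the default sanitizers on its own, so that is worth confirming. Part of the predicate body lies between the two hunks and is not shown here.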

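--- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -15,9 +15,9 @@
 
 import javascript
 import semmle.javascript.security.dataflow.StackTraceExposureQuery
-import DataFlow::PathGraph
+import StackTraceExposureFlow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StackTraceExposureFlow::PathNode source, StackTraceExposureFlow::PathNode sink
+where StackTraceExposureFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This information exposed to the user depends on $@.",
 source.getNode(), "stack trace information"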

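--- a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
@@ -1,33 +1,22 @@
-nodes
-| node.js:8:10:8:12 | err |
-| node.js:8:10:8:12 | err |
-| node.js:11:13:11:15 | err |
-| node.js:11:13:11:21 | err.stack |
-| node.js:11:13:11:21 | err.stack |
-| tst.js:6:12:6:12 | e |
-| tst.js:6:12:6:12 | e |
-| tst.js:7:13:7:13 | e |
-| tst.js:7:13:7:13 | e |
-| tst.js:8:15:8:15 | e |
-| tst.js:16:20:16:20 | e |
-| tst.js:17:11:17:11 | e |
-| tst.js:17:11:17:17 | e.stack |
-| tst.js:17:11:17:17 | e.stack |
 edges
 | node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
-| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
-| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
 | node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
 | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
-| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
-| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
-| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
-| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
 | tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
 | tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e |
 | tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e |
 | tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
-| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
+nodes
+| node.js:8:10:8:12 | err | semmle.label | err |
+| node.js:11:13:11:15 | err | semmle.label | err |
+| node.js:11:13:11:21 | err.stack | semmle.label | err.stack |
+| tst.js:6:12:6:12 | e | semmle.label | e |
+| tst.js:7:13:7:13 | e | semmle.label | e |
+| tst.js:8:15:8:15 | e | semmle.label | e |
+| tst.js:16:20:16:20 | e | semmle.label | e |
+| tst.js:17:11:17:11 | e | semmle.label | e |
+| tst.js:17:11:17:17 | e.stack | semmle.label | e.stack |
+subpaths
 #select
 | node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. | node.js:8:10:8:12 | err | stack trace information |
 | tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information |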
