
Commit 65bcf0f

author
Max Schaefer
committed
JavaScript: Refactor security queries for uniformity.
1 parent 9b4ae9e commit 65bcf0f

23 files changed

Lines changed: 56 additions & 62 deletions

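--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
 
-from Configuration xss, DataFlow::Node source, DataFlow::Node sink
-where xss.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
 source, "user-provided value"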

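--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss
 
-from Configuration xss, DataFlow::Node source, DataFlow::Node sink
-where xss.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "Stored cross-site scripting vulnerability due to $@.",
 source, "stored value"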

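--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -14,7 +14,7 @@
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
 
-from Configuration xss, DataFlow::Node source, Sink sink
-where xss.hasFlow(source, sink)
-select sink, sink.getVulnerabilityKind() + " vulnerability due to $@.",
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
+select sink, sink.(Sink).getVulnerabilityKind() + " vulnerability due to $@.",
 source, "user-provided value"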
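Review bot: The cast `sink.(Sink)` on the new `select` line also acts as a filter: a flow whose sink is not a `Sink` has no value for `getVulnerabilityKind()` and so produces no alert row, which is easy to overlook now that `sink` is declared as a plain `DataFlow::Node`. The old `from ... Sink sink` carried the same restriction, so results should be unchanged, but in a security query a silently dropped alert is worth making explicit. I would add a comment above the select such as `// the cast restricts results to DomBasedXss sinks; any other sink yields no alert`, or state the restriction in the where clause with `and sink instanceof Sink`. The same applies to `source.(Source).describe()` in CleartextLogging.ql, CleartextStorage.ql and BrokenCryptoAlgorithm.ql.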

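--- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -14,15 +14,8 @@ import javascript
 import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
 
-predicate sqlInjection(DataFlow::Node source, DataFlow::Node sink) {
-any(SqlInjection::Configuration cfg).hasFlow(source, sink)
-}
-
-predicate nosqlInjection(DataFlow::Node source, DataFlow::Node sink) {
-any(NosqlInjection::Configuration cfg).hasFlow(source, sink)
-}
-
-from DataFlow::Node source, DataFlow::Node sink
-where sqlInjection(source, sink) or
-nosqlInjection(source, sink)
+from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where (cfg instanceof SqlInjection::Configuration or
+cfg instanceof NosqlInjection::Configuration) and
+cfg.hasFlow(source, sink)
 select sink, "This query depends on $@.", source, "a user-provided value"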

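--- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -15,6 +15,6 @@
 import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
 
-from Configuration codeInjection, DataFlow::Node source, DataFlow::Node sink
-where codeInjection.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"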

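--- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -12,6 +12,6 @@
 import javascript
 import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
 
-from Configuration c, DataFlow::Node source, DataFlow::Node sink
-where c.hasFlow(source, sink)
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
 select sink, "$@ flows here and is used in a format string.", source, "User-provided value"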

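--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -9,8 +9,8 @@
 */
 
 import javascript
-import semmle.javascript.security.dataflow.FileAccessToHttp
+import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
 
-from FileAccessToHttp::Configuration config, DataFlow::Node src, DataFlow::Node sink
-where config.hasFlow (src, sink)
-select sink, "$@ flows directly to outbound network request", src, "File data"
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow (source, sink)
+select sink, "$@ flows directly to outbound network request", source, "File data"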
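Review bot: The new `where` line keeps the space before the argument list, `cfg.hasFlow (source, sink)`, while every other query touched in this commit writes `cfg.hasFlow(source, sink)`. Since the change is about uniformity across the security queries, the line should read `where cfg.hasFlow(source, sink)`.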

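--- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -31,8 +31,8 @@ predicate inBrowserEnvironment(TopLevel tl) {
 )
 }
 
-from Configuration cfg, Source source, DataFlow::Node sink
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink) and
 // ignore logging to the browser console (even though it is not a good practice)
 not inBrowserEnvironment(sink.asExpr().getTopLevel())
-select sink, "Sensitive data returned by $@ is logged here.", source, source.describe()
+select sink, "Sensitive data returned by $@ is logged here.", source, source.(Source).describe()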

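--- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -15,6 +15,6 @@
 import javascript
 import semmle.javascript.security.dataflow.CleartextStorage::CleartextStorage
 
-from Configuration cleartextStorage, Source source, DataFlow::Node sink
-where cleartextStorage.hasFlow(source, sink)
-select sink, "Sensitive data returned by $@ is stored here.", source, source.describe()
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink)
+select sink, "Sensitive data returned by $@ is stored here.", source, source.(Source).describe()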

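--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -8,12 +8,12 @@
 * @tags security
 * external/cwe/cwe-327
 */
+
 import javascript
-import semmle.javascript.security.dataflow.RemoteFlowSources
 import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm::BrokenCryptoAlgorithm
 import semmle.javascript.security.SensitiveActions
 
-from Configuration brokenCrypto, Source source, DataFlow::Node sink
-where brokenCrypto.hasFlow(source, sink) and
+from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
+where cfg.hasFlow(source, sink) and
 not source.asExpr() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash
-select sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.describe()
+select sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.(Source).describe()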
