
Commit 908edb3

committed
unsecure -> insecure
1 parent 57d2226 commit 908edb3

9 files changed

Lines changed: 56 additions & 51 deletions


javascript/ql/src/Security/CWE-829/UnsecureDownload.qhelp renamed to javascript/ql/src/Security/CWE-829/InsecureDownload.qhelp

File renamed without changes.

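--- a/javascript/ql/src/Security/CWE-829/UnsecureDownload.ql
+++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
@@ -1,17 +1,17 @@
 /**
-* @name Download of sensitive file through unsecure connection
-* @description Downloading executables and other sensitive files over an unsecure connection
+* @name Download of sensitive file through insecure connection
+* @description Downloading executables and other sensitive files over an insecure connection
 * opens up for potential man-in-the-middle attacks.
 * @kind path-problem
 * @problem.severity error
 * @precision high
-* @id js/unsecure-download
+* @id js/insecure-download
 * @tags security
 * external/cwe/cwe-829
 */
 
 import javascript
-import semmle.javascript.security.dataflow.UnsecureDownload::UnsecureDownload
+import semmle.javascript.security.dataflow.InsecureDownload::InsecureDownload
 import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink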
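Review bot: The `@id` on new line 8 changes from `js/unsecure-download` to `js/insecure-download`, and that identifier is what query suites, alert suppressions and previously stored results refer to, so anything still keyed to the old id will stop matching without raising an error. None of the nine files listed for this commit looks like a change note or a suite definition, so if the query has already shipped under the old id, a change note recording the rename would help consumers; if the query is still unreleased this may not matter. The query's `from`/`select` clause continues outside the hunk.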

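--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownload.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownload.qll
@@ -1,18 +1,18 @@
 /**
-* Provides a taint tracking configuration for reasoning about download of sensitive file through unsecure connection.
+* Provides a taint tracking configuration for reasoning about download of sensitive file through insecure connection.
 *
 * Note, for performance reasons: only import this file if
-* `UnsecureDownload::Configuration` is needed, otherwise
-* `UnsecureDownloadCustomizations` should be imported instead.
+* `InsecureDownload::Configuration` is needed, otherwise
+* `InsecureDownloadCustomizations` should be imported instead.
 */
 
 import javascript
 
-module UnsecureDownload {
-import UnsecureDownloadCustomizations::UnsecureDownload
+module InsecureDownload {
+import InsecureDownloadCustomizations::InsecureDownload
 
 /**
-* A taint tracking configuration for download of sensitive file through unsecure connection.
+* A taint tracking configuration for download of sensitive file through insecure connection.
 */
 class Configuration extends DataFlow::Configuration {
 Configuration() { this = "HTTP/HTTPS" }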

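--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownloadCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll
@@ -1,19 +1,19 @@
 /**
 * Provides default sources, sinks and sanitizers for reasoning about
-* download of sensitive file through unsecure connection, as well as
+* download of sensitive file through insecure connection, as well as
 * extension points for adding your own.
 */
 
 import javascript
 
-module UnsecureDownload {
+module InsecureDownload {
 /**
-* A data flow source for download of sensitive file through unsecure connection.
+* A data flow source for download of sensitive file through insecure connection.
 */
 abstract class Source extends DataFlow::Node { }
 
 /**
-* A data flow sink for download of sensitive file through unsecure connection.
+* A data flow sink for download of sensitive file through insecure connection.
 */
 abstract class Sink extends DataFlow::Node {
 /**
@@ -23,13 +23,13 @@ module UnsecureDownload {
 }
 
 /**
-* A sanitizer for download of sensitive file through unsecure connection.
+* A sanitizer for download of sensitive file through insecure connection.
 */
 abstract class Sanitizer extends DataFlow::Node { }
 
 /**
 * A HTTP or FTP URL that refers to a file with a sensitive file extension,
-* seen as a source for download of sensitive file through unsecure connection.
+* seen as a source for download of sensitive file through insecure connection.
 */
 class SensitiveFileUrl extends Source {
 SensitiveFileUrl() {
@@ -55,7 +55,7 @@ module UnsecureDownload {
 
 /**
 * A url downloaded by a client-request, seen as a sink for download of
-* sensitive file through unsecure connection.a
+* sensitive file through insecure connection.a
 */
 class ClientRequestURL extends Sink {
 ClientRequest request;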
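Review bot: New line 58 in the last hunk still ends with a stray `a` after the full stop, carried over unchanged from the old text; since the line is being rewritten anyway it could read `* sensitive file through insecure connection.`. Separately, the doc comment on line 31 says `A HTTP or FTP URL`, which would read better as `An HTTP or FTP URL`, though that line is only context here. The `ClientRequestURL` class body continues outside the hunk.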
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
nodes
2+
| insecure-download.js:5:16:5:28 | installer.url |
3+
| insecure-download.js:5:16:5:28 | installer.url |
4+
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
5+
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' |
6+
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
7+
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
8+
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
9+
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
10+
| insecure-download.js:36:9:36:45 | url |
11+
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
12+
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" |
13+
| insecure-download.js:37:23:37:25 | url |
14+
| insecure-download.js:37:23:37:25 | url |
15+
| insecure-download.js:39:26:39:28 | url |
16+
| insecure-download.js:39:26:39:28 | url |
17+
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
18+
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
19+
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
20+
edges
21+
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
22+
| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl |
23+
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url |
24+
| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url |
25+
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" |
26+
| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url |
27+
| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url |
28+
| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url |
29+
| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url |
30+
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url |
31+
| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url |
32+
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" |
33+
#select
34+
| insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source |
35+
| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source |
36+
| insecure-download.js:37:23:37:25 | url | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:37:23:37:25 | url | $@ of sensitive file from $@. | insecure-download.js:37:5:37:42 | cp.exec ... () {}) | Download | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
37+
| insecure-download.js:39:26:39:28 | url | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:39:26:39:28 | url | $@ of sensitive file from $@. | insecure-download.js:39:5:39:46 | cp.exec ... () {}) | Download | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | HTTP source |
38+
| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:41:5:41:42 | nugget( ... e.APK") | Download | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | HTTP source |
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
Security/CWE-829/InsecureDownload.ql

javascript/ql/test/query-tests/Security/CWE-829/UnsecureDownload.expected

Lines changed: 0 additions & 33 deletions
This file was deleted.

javascript/ql/test/query-tests/Security/CWE-829/UnsecureDownload.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

javascript/ql/test/query-tests/Security/CWE-829/unsecure-download.js renamed to javascript/ql/test/query-tests/Security/CWE-829/insecure-download.js

File renamed without changes.
