Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b00aa36

Browse files
author
Esben Sparre Andreasen
committed
JS: polish HttpToFileAccess.ql
1 parent d261915 commit b00aa36

2 files changed

Lines changed: 7 additions & 7 deletions

File tree

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/**
2-
* @name Http response data flows to File Access
3-
* @description Writing data from an HTTP request directly to the file system allows arbitrary file upload and might indicate a backdoor.
2+
* @name User-controlled data in file
3+
* @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
44
* @kind problem
55
* @problem.severity warning
66
* @id js/http-to-file-access
@@ -11,6 +11,6 @@
1111
import javascript
1212
import semmle.javascript.security.dataflow.HttpToFileAccess
1313

14-
from HttpToFileAccessFlow::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
14+
from HttpToFileAccess::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
1515
where configuration.hasFlow(src, sink)
16-
select sink, "$@ flows to file system", src, "Untrusted data received from Http response"
16+
select sink, "$@ flows to file system", src, "Untrusted data"
Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
1-
| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
2-
| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
3-
| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
1+
| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
2+
| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
3+
| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |

0 commit comments

Comments
 (0)