Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f4d62c3

Browse files
asgerfasgerf
committed
JS: Port HttpToFileAccess
1 parent 2935aac commit f4d62c3

3 files changed

Lines changed: 33 additions & 28 deletions

File tree

javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,23 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess
1111
/**
1212
* A taint tracking configuration for writing user-controlled data to files.
1313
*/
14-
class Configuration extends TaintTracking::Configuration {
14+
module HttpToFileAccessConfig implements DataFlow::ConfigSig {
15+
predicate isSource(DataFlow::Node source) { source instanceof Source }
16+
17+
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
18+
19+
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
20+
}
21+
22+
/**
23+
* Taint tracking for writing user-controlled data to files.
24+
*/
25+
module HttpToFileAccessFlow = TaintTracking::Global<HttpToFileAccessConfig>;
26+
27+
/**
28+
* DEPRECATED. Use the `HttpToFileAccessFlow` module instead.
29+
*/
30+
deprecated class Configuration extends TaintTracking::Configuration {
1531
Configuration() { this = "HttpToFileAccess" }
1632

1733
override predicate isSource(DataFlow::Node source) { source instanceof Source }

javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,9 @@
1313

1414
import javascript
1515
import semmle.javascript.security.dataflow.HttpToFileAccessQuery
16-
import DataFlow::PathGraph
16+
import HttpToFileAccessFlow::PathGraph
1717

18-
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
19-
where cfg.hasFlowPath(source, sink)
18+
from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink
19+
where HttpToFileAccessFlow::flowPath(source, sink)
2020
select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(),
2121
"Untrusted data"

javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected

Lines changed: 13 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,33 +1,22 @@
1-
nodes
2-
| HttpToFileAccess.js:5:18:5:18 | d |
3-
| HttpToFileAccess.js:5:18:5:18 | d |
4-
| HttpToFileAccess.js:6:37:6:37 | d |
5-
| HttpToFileAccess.js:6:37:6:37 | d |
6-
| tst.js:15:26:15:26 | c |
7-
| tst.js:15:26:15:26 | c |
8-
| tst.js:16:33:16:33 | c |
9-
| tst.js:16:33:16:33 | c |
10-
| tst.js:19:25:19:25 | c |
11-
| tst.js:19:25:19:25 | c |
12-
| tst.js:24:22:24:22 | c |
13-
| tst.js:24:22:24:22 | c |
141
edges
152
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
16-
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
17-
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
18-
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
19-
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
203
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
214
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
22-
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
23-
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
245
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
256
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
26-
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
27-
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
28-
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
29-
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
30-
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
7+
| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c |
8+
| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c |
9+
| tst.js:19:25:19:25 | c | tst.js:24:22:24:22 | c |
10+
nodes
11+
| HttpToFileAccess.js:5:18:5:18 | d | semmle.label | d |
12+
| HttpToFileAccess.js:6:37:6:37 | d | semmle.label | d |
13+
| tst.js:15:26:15:26 | c | semmle.label | c |
14+
| tst.js:16:33:16:33 | c | semmle.label | c |
15+
| tst.js:16:33:16:33 | c | semmle.label | c |
16+
| tst.js:19:25:19:25 | c | semmle.label | c |
17+
| tst.js:19:25:19:25 | c | semmle.label | c |
18+
| tst.js:24:22:24:22 | c | semmle.label | c |
19+
subpaths
3120
#select
3221
| HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | Write to file system depends on $@. | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data |
3322
| tst.js:16:33:16:33 | c | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data |

0 commit comments

Comments
 (0)