
Commit 5634682

committed
Port over UI5LogInjection
NOTE: The end-to-end results of the queries are okay (the #select portion is unchanged), but there are differences in `nodes` and `edges` that probably need attention.
1 parent 54a8654 commit 5634682


2 files changed

+17
-8
lines changed

Lines changed: 6 additions & 5 deletions
@@ -1,12 +1,13 @@
11
import javascript
22
import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
3-
private import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph
4-
import semmle.javascript.security.dataflow.LogInjectionQuery as LogInjection
3+
import semmle.javascript.security.dataflow.LogInjectionQuery
54

6-
class UI5LogInjectionConfiguration extends LogInjection::LogInjectionConfiguration {
7-
override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
5+
module UI5LogInjection implements DataFlow::ConfigSig {
6+
predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
87

9-
override predicate isSink(DataFlow::Node node) {
8+
predicate isBarrier(DataFlow::Node node) { LogInjectionConfig::isBarrier(node) }
9+
10+
predicate isSink(DataFlow::Node node) {
1011
node = ModelOutput::getASinkNode("ui5-log-injection").asSink()
1112
}
1213
}
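Review bot: `UI5LogInjection` carries over only `isBarrier` from the upstream configuration, whereas the removed class inherited every predicate of `LogInjection::LogInjectionConfiguration` that it did not override. If upstream defines anything beyond source, sink and barrier (additional flow steps, for instance), it is no longer applied here and would surface as missing flows, so this is worth confirming against `LogInjectionConfig`. A QLDoc comment on the module would record the intent, e.g. `/** Log injection config for UI5: remote flow sources, upstream LogInjection barriers, sinks from the "ui5-log-injection" model. */`.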

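--- a/javascript/frameworks/ui5/src/UI5LogInjection/UI5LogInjection.ql
+++ b/javascript/frameworks/ui5/src/UI5LogInjection/UI5LogInjection.ql
@@ -13,11 +13,19 @@
 
 import javascript
 import advanced_security.javascript.frameworks.ui5.UI5LogInjectionQuery
-import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph
+import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
+
+module UI5LogInjectionFlow = TaintTracking::Global<UI5LogInjection>;
+
+module UI5LogInjectionUI5PathGraph =
+UI5PathGraph<UI5LogInjectionFlow::PathNode, UI5LogInjectionFlow::PathGraph>;
+
+import UI5LogInjectionUI5PathGraph
 
 from
-UI5LogInjectionConfiguration cfg, UI5PathNode source, UI5PathNode sink, UI5PathNode primarySource
+UI5LogInjectionUI5PathGraph::UI5PathNode source, UI5LogInjectionUI5PathGraph::UI5PathNode sink,
+UI5LogInjectionUI5PathGraph::UI5PathNode primarySource
 where
-cfg.hasFlowPath(source.getPathNode(), sink.getPathNode()) and
+UI5LogInjectionFlow::flowPath(source.getPathNode(), sink.getPathNode()) and
 primarySource = source.getAPrimarySource()
 select sink, primarySource, sink, "Log entry depends on a $@.", primarySource, "user-provided value"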
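Review bot: The path graph instantiated at new lines 20-21 and imported at line 23 appears to be what produces the `nodes` and `edges` relations the commit message reports as changed, and neither of the two changed files is a test expectation, so that difference is not pinned anywhere. Alerts are triaged from the path explanation, so a regression there can hide or misattribute the source even when `#select` is stable; I would compare the old and new `edges` for the existing tests and record the outcome before merging. Separately, with `import UI5LogInjectionUI5PathGraph` in place the `from` clause can probably be written as `UI5PathNode source, UI5PathNode sink, UI5PathNode primarySource`, unless that name is ambiguous with another import.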
