Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JS: Migrate all queries to proper flow states and deprecate FlowLabel #18265

Merged
merged 37 commits into from
Dec 17, 2024
Merged
Changes from 1 commit
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
a8fdd75
JS: Add FlowState class to TaintedUrlSuffix
asgerf Dec 11, 2024
cca9802
JS: Use flow state in barrier and step relations
asgerf Dec 11, 2024
3cf14d8
JS: Migrate ClientSideUrlRedirect to flow state
asgerf Dec 11, 2024
114d4a1
JS: Move FlowState definition into CommonFlowState
asgerf Dec 11, 2024
12289d4
JS: Migrate DomBasedXssQuery to FlowState
asgerf Dec 11, 2024
14ca1c1
JS: Update TaintedUrlSuffix test
asgerf Dec 11, 2024
5f42a71
JS: Migrate TaintedObject to a CommonFlowState
asgerf Dec 11, 2024
15d999a
JS: Migrate DeepObjectResourceExhaustion
asgerf Dec 11, 2024
daddff0
JS: Avoid deprecation warning in XssThroughDom
asgerf Dec 11, 2024
8e8de5c
JS: Migrate LoopBoundInjection
asgerf Dec 12, 2024
c38e3a2
JS: Migrate NoSqlInjection
asgerf Dec 12, 2024
355f7cd
JS: Migrate PrototypePollutingMergeCall
asgerf Dec 12, 2024
3573f0b
JS: Migrate SecondOrderCommandInjection
asgerf Dec 12, 2024
8907252
JS: Migrate TemplateObjectInjection
asgerf Dec 12, 2024
d9a43db
JS: Migrate UnsafeHtmlConstruction
asgerf Dec 12, 2024
42a7208
JS: Migrate ExceptionXss
asgerf Dec 12, 2024
dc3d7a0
Update ExceptionXssCustomizations.qll
asgerf Dec 13, 2024
2112ecc
JS: Migrate HardcodedDataInterpretedAsCode
asgerf Dec 13, 2024
d381ab1
JS: Migrate IncompleteHtmlAttributeSanitization
asgerf Dec 13, 2024
4e25036
JS: Follow naming convention in InsecureModuleFlow module
asgerf Dec 13, 2024
bcc1669
JS: Migrate InsecureDownload
asgerf Dec 13, 2024
a9e89ed
JS: Migrate PrototypePollutingAssignment
asgerf Dec 13, 2024
820f81f
JS: Migrate UnsafeDynamicMethodAccess
asgerf Dec 13, 2024
c951a29
JS: Migrate UnvalidatedDynamicMethodCall
asgerf Dec 13, 2024
a398599
JS: Rename an experimental query
asgerf Dec 13, 2024
d83ddfa
JS: Migrate an experimental CodeInjection query
asgerf Dec 13, 2024
ebe596f
JS: Migrate CorsPermissiveConfiguration
asgerf Dec 13, 2024
73af3f3
JS: Migrate PrototypePollutingFunction
asgerf Dec 13, 2024
69b361a
JS: Migrate a test to use flow state
asgerf Dec 13, 2024
d993c88
JS: Deprecate the FlowLabel class
asgerf Dec 13, 2024
ac6da6c
JS: Add some missing qldoc
asgerf Dec 13, 2024
079294e
JS: Mass rename to node1,state1,node2,state2 naming convention
asgerf Dec 13, 2024
cf6d166
JS: Also update tutorial code
asgerf Dec 13, 2024
db00dad
JS: Avoid deprecation warnings in some tests
asgerf Dec 13, 2024
0b2914f
JS: A few more deprecation updates
asgerf Dec 13, 2024
947b785
JS: Remove reference to deprecated step relation that's empty anyway
asgerf Dec 13, 2024
e5ae7e0
JS: Fix bad join in isOptionallySanitizedEdgeInternal
asgerf Dec 16, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
JS: Add some missing qldoc
asgerf committed Dec 16, 2024
commit ac6da6c2b12b5e6328ebbe486b445d05b98ea6c5
Original file line number Diff line number Diff line change
@@ -26,6 +26,9 @@ module TaintedObject {
ConcreteTaintedObjectLabel() { this = this }
}

/**
* DEPRECATED. Use `isAdditionalFlowStep(node1, state1, node2, state2)` instead.
*/
deprecated predicate step(Node src, Node trg, FlowLabel inlbl, FlowLabel outlbl) {
isAdditionalFlowStep(src, FlowState::fromFlowLabel(inlbl), trg, FlowState::fromFlowLabel(outlbl))
}
Original file line number Diff line number Diff line change
@@ -27,6 +27,7 @@ module ExceptionXss {
this = TNotYetThrown() and result = "not-yet-thrown"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TThrown() and result.isTaint()
or
@@ -36,6 +37,7 @@ module ExceptionXss {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/** A tainted value originating from a thrown and caught exception. */
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ module HardcodedDataInterpretedAsCode {
this = TModified() and result = "modified"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TUnmodified() and result.isData()
or
@@ -30,6 +31,7 @@ module HardcodedDataInterpretedAsCode {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/** An unmodified value originating from a string constant. */
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@ module InsecureDownload {
this = TInsecureUrl() and result = "insecure-url"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TSensitiveInsecureUrl() and result instanceof Label::SensitiveInsecureUrl
or
@@ -32,6 +33,7 @@ module InsecureDownload {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/**
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@ module PrototypePollutingAssignment {
this = TObjectPrototype() and result = "object-prototype"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TTaint() and result.isTaint()
or
@@ -32,6 +33,7 @@ module PrototypePollutingAssignment {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/** A tainted value. */
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@ module UnsafeDynamicMethodAccess {
this = TUnsafeFunction() and result = "unsafe-function"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TTaint() and result.isTaint()
or
@@ -32,6 +33,7 @@ module UnsafeDynamicMethodAccess {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/** A tainted value. */
Original file line number Diff line number Diff line change
@@ -26,6 +26,7 @@ module UnvalidatedDynamicMethodCall {
this = TMaybeFromProto() and result = "maybe-from-proto"
}

/** Gets the corresponding flow label. */
deprecated DataFlow::FlowLabel toFlowLabel() {
this = TTaint() and result.isTaint()
or
@@ -37,6 +38,7 @@ module UnvalidatedDynamicMethodCall {

/** Predicates for working with flow states. */
module FlowState {
/** Gets the flow state corresponding to `label`. */
deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }

/** A tainted value. */