JS: Add routing trees library #7049

Merged
merged 37 commits into from
Dec 17, 2021
e9575c3
JS: Support AdditionalUseStep in API graphs
asgerf Sep 6, 2021
aae4260
JS: Routing model
asgerf Oct 7, 2021
3dd5d4d
JS: Instantiate for Express and add tests
asgerf Oct 11, 2021
16fa066
JS: Fix false negative in Mongo model
asgerf Oct 7, 2021
389a3c9
JS: Port CSRF query
asgerf Oct 7, 2021
5269933
JS: Port missing rate limiting query
asgerf Oct 7, 2021
cfb9265
JS: Add template steps for res.locals.x
asgerf Oct 7, 2021
7182056
JS: Instantiate for Fastify
asgerf Oct 7, 2021
400bf10
JS: Move fastify-specific route handler step into extension point
asgerf Oct 7, 2021
d0e94e6
JS: Exclude error handling from auth calls
asgerf Oct 12, 2021
b732193
JS: Improve precision of missing CSRF middleware
asgerf Oct 25, 2021
66b1612
JS: Treat non-cookie based auth as CSRF preventer
asgerf Oct 26, 2021
5f8ea39
JS: Do not flag auth endpoints that are immune to Login CSRF
asgerf Oct 27, 2021
8af430d
JS: Shift line numbers in TemplateObjectInjection test
asgerf Oct 28, 2021
64db70f
JS: Add explicit body-parsers to TemplateObjectInjection test
asgerf Oct 28, 2021
3cbe94a
JS: Add consistency checks to TemplateObjectInjection test
asgerf Oct 28, 2021
7492293
JS: Add test with route handler indirection
asgerf Oct 28, 2021
da8e67b
JS: Use routing trees to detect deeply tainted req.body
asgerf Oct 28, 2021
635ac0a
JS: Fix perf issue in data flow step generation
asgerf Nov 2, 2021
5559681
JS: Change note
asgerf Nov 8, 2021
614c807
Apply suggestions from code review
asgerf Dec 7, 2021
23480b2
JS: Remove stray TODO
asgerf Dec 7, 2021
b2016bd
JS: Merge concepts of client/database in MongoDB model
asgerf Dec 7, 2021
c1bb40f
Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll
asgerf Dec 14, 2021
04bdba8
JS: Shift line numbers in test expectations
asgerf Dec 14, 2021
995e331
JS: Add test for res.locals flow to template
asgerf Dec 14, 2021
1b20506
Update javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
asgerf Dec 14, 2021
0ca9feb
JS: Always treat routers as resuming dispatch
asgerf Dec 15, 2021
b226f76
JS: Fix tracking of fastify server instance
asgerf Dec 15, 2021
615b2ec
JS: Fix handling of fastify-plugin
asgerf Dec 15, 2021
4d85799
JS: Add test for fastify-rate-limit
asgerf Dec 15, 2021
218b746
JS: Rename getAUseSite -> getRouteInstallation
asgerf Dec 15, 2021
8aa4d82
JS: Rename RouteHandlerInput->RouteHandlerParameter
asgerf Dec 15, 2021
79e6dca
JS: Rename getValueAtAccessPath->getValueImplicitlyStoredInAccessPath
asgerf Dec 15, 2021
784991c
Update javascript/ql/lib/semmle/javascript/Routing.qll
asgerf Dec 15, 2021
53b3581
JS: Add test to stress flow through properties
asgerf Dec 15, 2021
0e9c237
JS: Use a field in RouterHandlerParameter
asgerf Dec 16, 2021

JS: Use a field in RouterHandlerParameter
asgerf committed Dec 16, 2021
commit 0e9c2377e39d1e3562b751a34ff7e30cba232ff0
8 changes: 5 additions & 3 deletions javascript/ql/lib/semmle/javascript/Routing.qll
Expand Up @@ -818,7 +818,9 @@ module Routing {
* A parameter to a route handler function.
*/
class RouteHandlerParameter extends DataFlow::ParameterNode {
RouteHandlerParameter() { this = any(RouteHandler h).getFunction().getAParameter() }
private RouteHandler handler;

RouteHandlerParameter() { this = handler.getFunction().getAParameter() }

/** Gets a data flow node referring to this route handler parameter. */
private DataFlow::SourceNode ref(DataFlow::TypeTracker t) {
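Review bot: the new `private RouteHandler handler;` field in `RouteHandlerParameter` has no doc comment, although the characteristic predicate now binds it (`this = handler.getFunction().getAParameter()`) in place of the anonymous `any(RouteHandler h)`. A one-line comment on the field, stating that it is the route handler whose function declares this parameter and that it is what `getRouteHandler()` returns, would make the intent of the field clear to later readers of the class.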
Expand All @@ -834,15 +836,15 @@ module Routing {
/**
* Gets the corresponding route handler, that is, the function on which this is a parameter.
*/
final RouteHandler getRouteHandler() { result.getFunction().getAParameter() = this }
final RouteHandler getRouteHandler() { result = handler }

/**
* Gets a node that is stored in the given access path on this route handler parameter, either
* during execution of this router handler, or in one of the preceding ones.
*/
pragma[inline]
DataFlow::Node getValueFromAccessPath(string path) {
exists(RouteHandler handler, int i, Node predecessor |
exists(int i, Node predecessor |
pragma[only_bind_out](this) = handler.getFunction().getParameter(i) and
result = getAnAccessPathRhs(predecessor, i, path) and
(handler.isGuardedByNode(predecessor) or predecessor = handler)
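Review bot: in `getValueFromAccessPath`, `handler` now resolves to the class field rather than a variable introduced by `exists`, so the conjunct `pragma[only_bind_out](this) = handler.getFunction().getParameter(i)` repeats what the characteristic predicate already establishes and, from the visible lines, remains only to bind `i`. A short comment saying so would keep a later cleanup from deleting it as redundant. Separately, the doc comment just above says "this router handler" where the class and the neighbouring comment use "route handler".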