
Commit 1dcfe89

committed
add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment
1 parent ac473c0 commit 1dcfe89


1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

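--- a/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll
+++ b/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll
@@ -26,6 +26,17 @@ module TaintedUrlSuffix {
 */
 FlowLabel label() { result instanceof TaintedUrlSuffixLabel }
 
+/**
+* Gets a remote flow source that is a tainted URL query or fragment part.
+*/
+ClientSideRemoteFlowSource source() {
+result.getKind().isFragment()
+or
+result.getKind().isQuery()
+or
+result.getKind().isUrl()
+}
+
 /** Holds for `pred -> succ` is a step of form `x -> x.p` */
 private predicate isSafeLocationProp(DataFlow::PropRead read) {
 // Ignore properties that refer to the scheme, domain, port, auth, or path.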
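Review bot: The doc comment on `source()` says it returns a "URL query or fragment part", but the third disjunct `result.getKind().isUrl()` also returns whole-URL sources, so the comment understates what callers get. I would reword it to `Gets a client-side remote flow source that is a URL query, a URL fragment, or a whole URL.` It may also be worth one sentence saying these sources are meant to be tracked with `label()` rather than as fully tainted values, since for a whole-URL source only the suffix is presumably attacker-controlled. That intent is inferred from the module name and the `isSafeLocationProp` comment that follows, not shown in this hunk, so a query author reusing `source()` with the default taint label could over-report on scheme, host or path.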
