add process.env as source for js/clear-text-logging
Родитель
b12e255fd8
Коммит
297c71a64b
|
@ -42,6 +42,14 @@ module CleartextLogging {
|
|||
write.getRhs() = src and
|
||||
trg.(DataFlow::SourceNode).flowsTo(write.getBase())
|
||||
)
|
||||
or
|
||||
// Taint step through `util.inspect(..)` from Node.js
|
||||
trg = DataFlow::moduleImport("util").getAMethodCall("inspect") and
|
||||
trg.(DataFlow::CallNode).getAnArgument() = src
|
||||
or
|
||||
// Taint step through a `str.replace(..)` call.
|
||||
trg.(DataFlow::MethodCallNode).getCalleeName() = "replace" and
|
||||
trg.(DataFlow::MethodCallNode).getReceiver() = src
|
||||
}
|
||||
}
|
||||
}
|
||||
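Review bot: The `replace` step, `trg.(DataFlow::MethodCallNode).getCalleeName() = "replace"` with `getReceiver() = src`, matches any method named `replace` on any receiver, so the comment `// Taint step through a `str.replace(..)` call.` promises a string-specific check the predicate does not make; either reword it to `// Taint step through any `.replace(..)` method call (receiver type is not checked; intended for string replace).` or add a receiver restriction. For the `util.inspect` step, `trg.(DataFlow::CallNode).getAnArgument() = src` also treats the second, options argument as a taint carrier; `trg.(DataFlow::CallNode).getArgument(0) = src` would limit the step to the value actually being inspected. Whether `DataFlow::moduleImport("util")` also covers the `node:util` specifier is not visible here and may be worth confirming. The enclosing predicate starts before this hunk.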
|
|
|
@ -144,4 +144,13 @@ module CleartextLogging {
|
|||
|
||||
override string describe() { result = "a call to " + name }
|
||||
}
|
||||
|
||||
|
||||
private class ProcessEnvSource extends Source {
|
||||
ProcessEnvSource() {
|
||||
this = DataFlow::globalVarRef("process").getAPropertyRead("env")
|
||||
}
|
||||
|
||||
override string describe() { result = "process environment" }
|
||||
}
|
||||
}
|
||||
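Review bot: `ProcessEnvSource` is added without a QLDoc comment, unlike the surrounding classes in this library; a one-line `/** A read of `process.env`, the whole process environment, which commonly carries secrets such as credentials and API keys. */` above `private class ProcessEnvSource extends Source` would document why it is a cleartext-logging source. Its `describe()` result `"process environment"` produces the message "Sensitive data returned by process environment is logged here" seen in the expected output, while the sibling descriptions carry an article ("a call to getPassword", "an access to password"); `result = "the process environment"` would read consistently. Since the source is the whole object, reads of single, non-secret variables such as `process.env.NODE_ENV` may be reported too if taint follows property reads in this configuration — worth confirming and, if intended, stating in the QLDoc.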
|
|
|
@ -101,6 +101,14 @@ nodes
|
|||
| passwords.js:136:17:136:24 | config.x |
|
||||
| passwords.js:137:17:137:24 | config.y |
|
||||
| passwords.js:137:17:137:24 | config.y |
|
||||
| passwords.js:147:12:147:19 | password |
|
||||
| passwords.js:149:21:149:28 | config.x |
|
||||
| passwords.js:150:21:150:31 | process.env |
|
||||
| passwords.js:152:9:152:63 | procdesc |
|
||||
| passwords.js:152:20:152:44 | Util.in ... ss.env) |
|
||||
| passwords.js:152:20:152:63 | Util.in ... /g, '') |
|
||||
| passwords.js:152:33:152:43 | process.env |
|
||||
| passwords.js:154:21:154:28 | procdesc |
|
||||
| passwords_in_browser1.js:2:13:2:20 | password |
|
||||
| passwords_in_browser1.js:2:13:2:20 | password |
|
||||
| passwords_in_browser1.js:2:13:2:20 | password |
|
||||
|
@ -210,16 +218,11 @@ edges
|
|||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
|
||||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
|
||||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
|
||||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
|
||||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
|
||||
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
|
||||
| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password |
|
||||
| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password |
|
||||
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password |
|
||||
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password |
|
||||
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password |
|
||||
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password |
|
||||
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
|
||||
| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x |
|
||||
| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc |
|
||||
| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') |
|
||||
| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc |
|
||||
| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) |
|
||||
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
|
||||
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
|
||||
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
|
||||
|
@ -250,6 +253,9 @@ edges
|
|||
| passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | Sensitive data returned by $@ is logged here. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword |
|
||||
| passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | Sensitive data returned by $@ is logged here. | passwords.js:130:12:130:19 | password | an access to password |
|
||||
| passwords.js:137:17:137:24 | config.y | passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | Sensitive data returned by $@ is logged here. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword |
|
||||
| passwords.js:149:21:149:28 | config.x | passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | Sensitive data returned by $@ is logged here. | passwords.js:147:12:147:19 | password | an access to password |
|
||||
| passwords.js:150:21:150:31 | process.env | passwords.js:150:21:150:31 | process.env | passwords.js:150:21:150:31 | process.env | Sensitive data returned by $@ is logged here. | passwords.js:150:21:150:31 | process.env | process environment |
|
||||
| passwords.js:154:21:154:28 | procdesc | passwords.js:152:33:152:43 | process.env | passwords.js:154:21:154:28 | procdesc | Sensitive data returned by $@ is logged here. | passwords.js:152:33:152:43 | process.env | process environment |
|
||||
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | Sensitive data returned by $@ is logged here. | passwords_in_server_1.js:6:13:6:20 | password | an access to password |
|
||||
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | Sensitive data returned by $@ is logged here. | passwords_in_server_2.js:3:13:3:20 | password | an access to password |
|
||||
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | Sensitive data returned by $@ is logged here. | passwords_in_server_3.js:2:13:2:20 | password | an access to password |
|
||||
|
|
|
@ -137,3 +137,19 @@
|
|||
console.log(config.y); // NOT OK
|
||||
console.log(config[x]); // OK (probably)
|
||||
});
|
||||
|
||||
function indirectLogCall() {
|
||||
console.log.apply(this, arguments);
|
||||
}
|
||||
var Util = require('util');
|
||||
(function() {
|
||||
var config = {
|
||||
x: password
|
||||
};
|
||||
indirectLogCall(config.x); // NOT OK
|
||||
indirectLogCall(process.env); // NOT OK
|
||||
|
||||
var procdesc = Util.inspect(process.env).replace(/\n/g, '')
|
||||
|
||||
indirectLogCall(procdesc); // NOT OK
|
||||
});
|