forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathTaintedNodes.ql
More file actions
27 lines (22 loc) · 862 Bytes
/
TaintedNodes.ql
File metadata and controls
27 lines (22 loc) · 862 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/**
* @name Tainted expressions
* @description The number of expressions reachable from a remote flow source
* via default taint-tracking steps.
* @kind metric
* @metricType project
* @metricAggregate sum
* @tags meta
* @id js/meta/tainted-nodes
*/
import javascript
import meta.internal.TaintMetrics
class BasicTaintConfiguration extends TaintTracking::Configuration {
BasicTaintConfiguration() { this = "BasicTaintConfiguration" }
override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() }
override predicate isSink(DataFlow::Node node) {
// To reduce noise from synthetic nodes, only count value nodes
node instanceof DataFlow::ValueNode and
not node.getFile() instanceof IgnoredFile
}
}
select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node))