JS: Update more query metadata · jsutil/codeql@c96ee86 · GitHub

Commit c96ee86

committed
JS: Update more query metadata
1 parent e9e93c0 commit c96ee86

8 files changed

+8
-0
lines changed

javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Finds cases where the 'userId' field in a request to another service
44
* is an arbitrary user-controlled value, indicating lack of authentication.
55
* @kind path-problem
6+
* @problem.severity error
67
* @tags security
78
* @id js/examples/backend-idor
89
*/
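Review bot: the context line `* is an arbitrary user-controlled value, indicating lack of authentication.` describes an authorization failure rather than an authentication one: a caller-supplied 'userId' that is forwarded as-is means the service-to-service request never checks that the caller is allowed to act for that user. Suggest rewording to `indicating a missing authorization check` so the description agrees with the `@id js/examples/backend-idor` line; the new `@problem.severity error` line is appropriate for an access-control flaw.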

javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Tracks the return value of 'escapeHtml' into 'decodeURI', indicating
44
* an ineffective sanitization attempt.
55
* @kind path-problem
6+
* @problem.severity error
67
* @tags security
78
* @id js/examples/decoding-after-sanitization
89
*/
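Review bot: the added `* @problem.severity error` is the only severity-related metadata in this header; there is still no `@precision` tag, and with `@tags security` present the standard CodeQL security queries also carry a `@security-severity` score that code scanning uses to rank alerts. If these example queries are meant to model the metadata of shipped queries, consider adding both; if they are intentionally minimal, a note to that effect in the commit message would spare the next reader the question.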

javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Tracks the return value of an HTML sanitizer into an escape-sequence decoder,
44
* indicating an ineffective sanitization attempt.
55
* @kind path-problem
6+
* @problem.severity error
67
* @tags security
78
* @id js/examples/decoding-after-sanitization-generalized
89
*/

javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Tracks user-controlled values into 'eval' calls (special case of js/code-injection),
44
* and generates a visualizable path from the source to the sink.
55
* @kind path-problem
6+
* @problem.severity error
6
* @tags security
78
* @id js/examples/eval-taint-path
89
*/

javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Tracks values from an 'authKey' property into a postMessage call with unrestricted origin,
44
* indicating a leak of sensitive information.
55
* @kind path-problem
6+
* @problem.severity warning
67
* @tags security
78
* @id js/examples/information-disclosure
89
*/
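Review bot: `@problem.severity warning` is the one departure from `error` in this commit, yet the description (values from an 'authKey' property reaching a postMessage call with unrestricted origin) describes a credential being broadcast to any window that happens to be listening, which is at least as impactful as the other findings marked `error`. Either align it with the rest or record the rationale (for example, lower confidence in the source) in the commit message so the asymmetry is not read as an oversight.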

javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
* @name Extension of standard query: Stored XSS
33
* @description Extends the standard Stored XSS query with an additional source.
44
* @kind path-problem
5+
* @problem.severity error
56
* @tags security
67
* @id js/examples/stored-xss
78
*/
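Review bot: the `@name Extension of standard query: Stored XSS` line ties this query to the standard Stored XSS query, so the severity introduced on the new `@problem.severity error` line should stay in lockstep with that query's severity. A one-line comment in the header naming the query being extended would make that dependency explicit for whoever updates either file later.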

javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
* @description Extends the standard Stored XSS query with an additional source,
44
* using TrackedNode to track MySQL connections globally.
55
* @kind path-problem
6+
* @problem.severity error
67
* @tags security
78
* @id js/examples/stored-xss-trackednode
89
*/
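Review bot: `@id js/examples/stored-xss-trackednode` does not match the file name `StoredXssTypeTracking.ql`, and the description refers to the mechanism as TrackedNode while the file name says type tracking. Pick one term and use it for the file, the id and the description; since the id is what users reference when configuring or suppressing a query, renaming is cheapest now, while the header metadata is already being touched.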

javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
* @name Template injection
33
* @description Tracks user-controlled values to an unescaped lodash template placeholder.
44
* @kind path-problem
5+
* @problem.severity error
56
* @tags security
67
* @id js/examples/template-injection
78
*/

0 commit comments