Skip to content

Commit 248715c

Browse files
committed
JS: Restrict FileAccessToHttp a bit
1 parent 8a50d99 commit 248715c

1 file changed

Lines changed: 19 additions & 0 deletions

File tree

javascript/ql/src/semmle/javascript/security/dataflow/FileAccessToHttpCustomizations.qll

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,4 +43,23 @@ module FileAccessToHttp {
4343
)
4444
}
4545
}
46+
47+
/**
48+
* A property access to `length`, seen as a sanitizer as it likely contains a number.
49+
*/
50+
private class LengthAccessAsSanitizer extends Sanitizer {
51+
LengthAccessAsSanitizer() {
52+
this.(DataFlow::PropRead).getPropertyName() = "length"
53+
}
54+
}
55+
56+
/**
57+
* A generated code expression, seen as a sanitizer, to block flow from a file
58+
* sent to the client via a template.
59+
*/
60+
private class GeneratedCodeAsSanitizer extends Sanitizer {
61+
GeneratedCodeAsSanitizer() {
62+
this.asExpr() instanceof GeneratedCodeExpr
63+
}
64+
}
4665
}

0 commit comments

Comments
 (0)