File tree Expand file tree Collapse file tree 7 files changed +26
-84
lines changed
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/counting Expand file tree Collapse file tree 7 files changed +26
-84
lines changed Original file line number Diff line number Diff line change 1+ /*
2+ * For internal use only.
3+ *
4+ *
5+ * Count the number of sinks and alerts for a particular dataflow config.
6+ */
7+
8+ import javascript
9+ import evaluation.EndToEndEvaluation
10+
11+ query predicate countAlertsAndSinks ( int numAlerts , int numSinks ) {
12+ numAlerts =
13+ count ( DataFlow:: Configuration cfg , DataFlow:: Node source , DataFlow:: Node sink |
14+ cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
15+ ) and
16+ numSinks =
17+ count ( DataFlow:: Node sink |
18+ exists ( DataFlow:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
19+ )
20+ }
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `CodeInjection` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.CodeInjectionQuery as CodeInjection
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( CodeInjection:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( CodeInjection:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `NosqlInection` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( NosqlInjection:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( NosqlInjection:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `SqlInection` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( SqlInjection:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( SqlInjection:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `TaintedPath` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( TaintedPath:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( TaintedPath:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `DomBasedXss` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( DomBasedXss:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( DomBasedXss:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
Original file line number Diff line number Diff line change 55 * Count the number of sinks and alerts for the `XssThroughDom` security query.
66 */
77
8- import javascript
98import semmle.javascript.security.dataflow.XssThroughDomQuery as XssThroughDom
10- import evaluation.EndToEndEvaluation
11-
12- int numAlerts ( DataFlow:: Configuration cfg ) {
13- result =
14- count ( DataFlow:: Node source , DataFlow:: Node sink |
15- cfg .hasFlow ( source , sink ) and not isFlowExcluded ( source , sink )
16- )
17- }
18-
19- select numAlerts ( any ( XssThroughDom:: Configuration cfg ) ) as numAlerts ,
20- count ( DataFlow:: Node sink |
21- exists ( XssThroughDom:: Configuration cfg | cfg .isSink ( sink ) or cfg .isSink ( sink , _) )
22- ) as numSinks
9+ import CountAlertsAndSinks
You can’t perform that action at this time.
0 commit comments