Added some missing QLDoc

aegilops · aegilops · commit 73fc6bcdb1de · 2024-07-01T17:10:24.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/security/FunctionalityFromUntrustedSource.qll b/javascript/ql/lib/semmle/javascript/security/FunctionalityFromUntrustedSource.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides classes for finding functionality that is loaded from untrusted sources and used in script or frame elements.
+ */
+
 import javascript
 
 /** A location that adds a reference to an untrusted source. */
@@ -9,6 +13,7 @@ abstract class AddsUntrustedUrl extends Locatable {
   abstract string getUrl();
 }
 
+/** Looks for static creation of an element and source. */
 module StaticCreation {
   /** Holds if `host` is an alias of localhost. */
   bindingset[host]
@@ -78,13 +83,15 @@ module StaticCreation {
   }
 }
 
+/** Looks for dyanmic creation of an element and source. */
 module DynamicCreation {
   /** Holds if `call` creates a tag of kind `name`. */
   predicate isCreateElementNode(DataFlow::CallNode call, string name) {
     call = DataFlow::globalVarRef("document").getAMethodCall("createElement") and
     call.getArgument(0).getStringValue().toLowerCase() = name
   }
 
+  /** Get the right-hand side of an assignment to a named attribute. */
   DataFlow::Node getAttributeAssignmentRhs(DataFlow::CallNode createCall, string name) {
     result = createCall.getAPropertyWrite(name).getRhs()
     or
@@ -103,6 +110,7 @@ module DynamicCreation {
     not exists(getAttributeAssignmentRhs(createCall, "integrity"))
   }
 
+  /** Holds if `t` tracks a URL that is loaded from an untrusted source. */
   DataFlow::Node urlTrackedFromUnsafeSourceLiteral(DataFlow::TypeTracker t) {
     t.start() and result.getStringValue().regexpMatch("(?i)http:.*")
     or
@@ -126,6 +134,7 @@ module DynamicCreation {
     )
   }
 
+  /** Holds a dataflow node is traked from an untrusted source. */
   DataFlow::Node urlTrackedFromUnsafeSourceLiteral() {
     result = urlTrackedFromUnsafeSourceLiteral(DataFlow::TypeTracker::end())
   }
@@ -144,6 +153,7 @@ module DynamicCreation {
     )
   }
 
+  /** A script or iframe element that refers to untrusted content. */
   class IframeOrScriptSrcAssignment extends AddsUntrustedUrl {
     string name;
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,7 @@`
	`1`	`+/**`
	`2`	`+ * Provides classes for finding functionality that is loaded from untrusted sources and used in script or frame elements.`
	`3`	`+ */`
	`4`	`+`
`1`	`5`	`import javascript`
`2`	`6`
`3`	`7`	`/** A location that adds a reference to an untrusted source. */`
`@@ -9,6 +13,7 @@ abstract class AddsUntrustedUrl extends Locatable {`
`9`	`13`	`abstract string getUrl();`
`10`	`14`	`}`
`11`	`15`
	`16`	`+/** Looks for static creation of an element and source. */`
`12`	`17`	`module StaticCreation {`
`13`	`18`	/** Holds if `host` is an alias of localhost. */
`14`	`19`	`bindingset[host]`
`@@ -78,13 +83,15 @@ module StaticCreation {`
`78`	`83`	`}`
`79`	`84`	`}`
`80`	`85`
	`86`	`+/** Looks for dyanmic creation of an element and source. */`
`81`	`87`	`module DynamicCreation {`
`82`	`88`	/** Holds if `call` creates a tag of kind `name`. */
`83`	`89`	`predicate isCreateElementNode(DataFlow::CallNode call, string name) {`
`84`	`90`	`call = DataFlow::globalVarRef("document").getAMethodCall("createElement") and`
`85`	`91`	`call.getArgument(0).getStringValue().toLowerCase() = name`
`86`	`92`	`}`
`87`	`93`
	`94`	`+ /** Get the right-hand side of an assignment to a named attribute. */`
`88`	`95`	`DataFlow::Node getAttributeAssignmentRhs(DataFlow::CallNode createCall, string name) {`
`89`	`96`	`result = createCall.getAPropertyWrite(name).getRhs()`
`90`	`97`	`or`
`@@ -103,6 +110,7 @@ module DynamicCreation {`
`103`	`110`	`not exists(getAttributeAssignmentRhs(createCall, "integrity"))`
`104`	`111`	`}`
`105`	`112`
	`113`	+ /** Holds if `t` tracks a URL that is loaded from an untrusted source. */
`106`	`114`	`DataFlow::Node urlTrackedFromUnsafeSourceLiteral(DataFlow::TypeTracker t) {`
`107`	`115`	`t.start() and result.getStringValue().regexpMatch("(?i)http:.*")`
`108`	`116`	`or`
`@@ -126,6 +134,7 @@ module DynamicCreation {`
`126`	`134`	`)`
`127`	`135`	`}`
`128`	`136`
	`137`	`+ /** Holds a dataflow node is traked from an untrusted source. */`
`129`	`138`	`DataFlow::Node urlTrackedFromUnsafeSourceLiteral() {`
`130`	`139`	`result = urlTrackedFromUnsafeSourceLiteral(DataFlow::TypeTracker::end())`
`131`	`140`	`}`
`@@ -144,6 +153,7 @@ module DynamicCreation {`
`144`	`153`	`)`
`145`	`154`	`}`
`146`	`155`
	`156`	`+ /** A script or iframe element that refers to untrusted content. */`
`147`	`157`	`class IframeOrScriptSrcAssignment extends AddsUntrustedUrl {`
`148`	`158`	`string name;`
`149`	`159`