JS: Drive-by change in LogInjection

asgerf · asgerf · commit 822d4525af95 · 2021-04-23T11:59:48.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/LogInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/LogInjection.qll
@@ -67,4 +67,11 @@ module LogInjection {
   class HtmlSanitizer extends Sanitizer {
     HtmlSanitizer() { this instanceof HtmlSanitizerCall }
   }
+
+  /**
+   * A call to `JSON.stringify` or similar, seen as sanitizing log output.
+   */
+  class JsonStringifySanitizer extends Sanitizer {
+    JsonStringifySanitizer() { this = any(JsonStringifyCall c).getOutput() }
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -67,4 +67,11 @@ module LogInjection {`
`67`	`67`	`class HtmlSanitizer extends Sanitizer {`
`68`	`68`	`HtmlSanitizer() { this instanceof HtmlSanitizerCall }`
`69`	`69`	`}`
	`70`	`+`
	`71`	`+ /**`
	`72`	+ * A call to `JSON.stringify` or similar, seen as sanitizing log output.
	`73`	`+ */`
	`74`	`+ class JsonStringifySanitizer extends Sanitizer {`
	`75`	`+ JsonStringifySanitizer() { this = any(JsonStringifyCall c).getOutput() }`
	`76`	`+ }`
`70`	`77`	`}`