JS: Add taint source/sink summary queries

asgerf · asgerf · commit 9f8a9b9cadb8 · 2021-04-20T17:10:31.000+01:00
diff --git a/javascript/ql/src/Summary/TaintSinks.ql b/javascript/ql/src/Summary/TaintSinks.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Taint sinks
+ * @description Expressions that are vulnerable if containing untrusted data.
+ * @kind problem
+ * @problem.severity informational
+ * @id js/summary/taint-sinks
+ * @tags summary
+ * @precision medium
+ */
+
+import javascript
+import meta.internal.TaintMetrics
+
+from string kind
+select relevantTaintSink(kind), kind + " sink"
diff --git a/javascript/ql/src/Summary/TaintSources.ql b/javascript/ql/src/Summary/TaintSources.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Taint sources
+ * @description Sources of untrusted input.
+ * @kind problem
+ * @problem.severity informational
+ * @id js/summary/taint-sources
+ * @tags summary
+ * @precision medium
+ */
+
+import javascript
+import meta.internal.TaintMetrics
+
+from RemoteFlowSource node
+where node = relevantTaintSource()
+select node, node.getSourceType()
