
Commit bc4c178

committed
JS: Cache together
1 parent 7b7e87f commit bc4c178


1 file changed

+21
-14
lines changed


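--- a/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -7,20 +7,35 @@ import semmle.javascript.frameworks.HTTP
 import semmle.javascript.security.dataflow.DOM
 private import semmle.javascript.internal.CachedStages
 
-/** A data flow source of remote user input. */
 cached
-abstract class RemoteFlowSource extends DataFlow::Node {
-/** Gets a human-readable string that describes the type of this remote flow source. */
+private module Cached {
+/** A data flow source of remote user input. */
 cached
-abstract string getSourceType();
+abstract class RemoteFlowSource extends DataFlow::Node {
+/** Gets a human-readable string that describes the type of this remote flow source. */
+cached
+abstract string getSourceType();
+
+/**
+* Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
+*/
+cached
+predicate isUserControlledObject() { none() }
+}
 
 /**
-* Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
+* A source of remote input in a web browser environment.
 */
 cached
-predicate isUserControlledObject() { none() }
+abstract class ClientSideRemoteFlowSource extends RemoteFlowSource {
+/** Gets a string indicating what part of the browser environment this was derived from. */
+cached
+abstract ClientSideRemoteFlowKind getKind();
+}
 }
 
+import Cached
+
 /**
 * A type of remote flow source that is specific to the browser environment.
 */
@@ -64,14 +79,6 @@ class ClientSideRemoteFlowKind extends string {
 predicate isWindowName() { this = "name" }
 }
 
-/**
-* A source of remote input in a web browser environment.
-*/
-abstract class ClientSideRemoteFlowSource extends RemoteFlowSource {
-/** Gets a string indicating what part of the browser environment this was derived from. */
-abstract ClientSideRemoteFlowKind getKind();
-}
-
 /**
 * A specification of a remote flow source in a JSON file included in the database.
 *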
*
