Add support for log injection in MaD

jeongsoolee09 · jeongsoolee09 · commit 4529d8b75af6 · 2023-07-28T22:37:56.000Z
diff --git a/javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md b/javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added support for Model as Data for Log-injection query
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
@@ -66,3 +66,7 @@ class HtmlSanitizer extends Sanitizer instanceof HtmlSanitizerCall { }
 class JsonStringifySanitizer extends Sanitizer {
   JsonStringifySanitizer() { this = any(JsonStringifyCall c).getOutput() }
 }
+
+private class SinkFromModel extends Sink {
+  SinkFromModel() { this = ModelOutput::getASinkNode("log-injection").asSink() }
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added support for Model as Data for Log-injection query
Original file line number	Diff line number	Diff line change
`@@ -66,3 +66,7 @@ class HtmlSanitizer extends Sanitizer instanceof HtmlSanitizerCall { }`
`66`	`66`	`class JsonStringifySanitizer extends Sanitizer {`
`67`	`67`	`JsonStringifySanitizer() { this = any(JsonStringifyCall c).getOutput() }`
`68`	`68`	`}`
	`69`	`+`
	`70`	`+private class SinkFromModel extends Sink {`
	`71`	`+ SinkFromModel() { this = ModelOutput::getASinkNode("log-injection").asSink() }`
	`72`	`+}`