Query for all JavaScript security related sources and sinks #18400

Answered by smowton
yonajix asked this question in Q&A

Hello, I'm working on a project and it requires me to examine npm packages for potential sources and sinks for CWEs. I want to use CodeQL for this. I know how to get sources and sinks for specific CWE queries like so:

 import javascript
 import semmle.javascript.security.dataflow.CodeInjectionQuery
 import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source
 where cfg.isSource(source)
 select source

I would like to create a single query to check through all possible sources relating to the existing CWE queries. Is there a way to do this? Perhaps through a new configuration?

Thanks!


Specifically for sources, you'll find most standard queries use RemoteFlowSource, a common dataflow node classification representing data expected to have come from a remote / outside / untrusted user. There's also ThreatModelSource which is a little broader and includes other possible sources including environment variables that most queries don't consider a threat. Finally, as you've noted, it's possible to import configurations from different queries and query their source nodes; this will pick up those few queries with extra query-specific sources. If importing multiple of these causes a name clash anywhere, you might use import ... as NamespaceName syntax and reference NamespaceName::Configuration instead of just Configuration.

Answer selected by yonajix
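
Added example, not part of the answer above or of the CodeQL repository: a single query that unions the three kinds of source the answer describes and tags each result with where it came from. It assumes a CodeQL JavaScript library version that provides ThreatModelSource and still ships the Configuration classes used in the question; SqlInjectionQuery is chosen here only as a second query to show the aliasing, and candidateSource is a name made up for this example.

```ql
import javascript
// Both query libraries define a class named Configuration, so each is
// imported under its own namespace to avoid the name clash.
import semmle.javascript.security.dataflow.CodeInjectionQuery as CodeInjection
import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection

/**
 * Holds if `node` is treated as a source, with `origin` naming the
 * classification or query configuration that says so.
 * (Helper predicate invented for this example.)
 */
predicate candidateSource(DataFlow::Node node, string origin) {
  // Untrusted remote input, the source class most standard queries use.
  node instanceof RemoteFlowSource and
  origin = "RemoteFlowSource"
  or
  // Broader classification; the threat model name distinguishes, for
  // example, environment variables from remote input.
  origin = "ThreatModelSource: " + node.(ThreatModelSource).getThreatModel()
  or
  // Query-specific sources, read from each imported configuration.
  exists(CodeInjection::Configuration cfg | cfg.isSource(node)) and
  origin = "CodeInjection"
  or
  exists(SqlInjection::Configuration cfg | cfg.isSource(node)) and
  origin = "SqlInjection"
}

from DataFlow::Node source, string origin
where candidateSource(source, origin)
select source, origin
```

A node matched by several branches appears once per origin, which shows which queries share a source and which add their own. Further queries are covered by adding one aliased import and one disjunct each.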