-
Notifications
You must be signed in to change notification settings - Fork 1.9k
-
Hi, I'm working on a project using CodeQL for finding vulnerabilities in JavaScript. Right now I'm dealing with code with known CVEs and I want to investigate the cause of several of the security queries that find source and sink nodes being unable to establish a path between the two even when one should exist.
I'm not sure if there is a way to find all possible paths emanating from source nodes, or paths that flow into sink nodes. I believe this would help me identify gaps in the queries I'm working with.
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions
One trick that might work is to make a query that restricts the source to a single one and the sink to be any(). That should help if you know which source was responsible for the CVE and explore all the flow paths starting from there. You can also do the opposite to explore from where data may flow into a single sink node.
Replies: 1 comment 1 reply
-
One trick that might work is to make a query that restricts the source to a single one and the sink to be any(). That should help if you know which source was responsible for the CVE and explore all the flow paths starting from there. You can also do the opposite to explore from where data may flow into a single sink node.
Beta Was this translation helpful? Give feedback.
All reactions
-
Thanks for the response! That did the trick.
Beta Was this translation helpful? Give feedback.