xsjs.model.yml
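extensions:
# typeModel rows are [type, relatedType, path]: `type` names whatever `path`
# reaches when it is evaluated starting from `relatedType`.
# NOTE(review): XsjsDollar is not declared in this file; presumably it is
# defined elsewhere in the pack as the XSJS `$` object -- confirm.
- addsTo:
    pack: codeql/javascript-all
    extensible: typeModel
  data:
  # ========== 1. Web Request ==========
  - [WebRequest, XsjsDollar, "Member[request]"]
  - [WebRequest, XsjsDollar, "Member[request].Member[entities].Fuzzy"]
  # ========== 1-1. Web Request Bodies ==========
  - [WebRequestBody, WebRequest, "Member[body]"]
  # ========== 1-2. Web Request Parameters ==========
  - [WebRequestParameters, WebRequest, "Member[parameters]"]
  # ========== 1-3. Web Request Headers ==========
  - [WebRequestHeaders, WebRequest, "Member[headers]"]
  # ========== 2. Web Response ==========
  # NOTE(review): the response is anchored on `global` + `Member[$]` while the
  # request is anchored on XsjsDollar; confirm both spellings resolve to the
  # same object.
  - [WebResponse, global, "Member[$].Member[response]"]
  - [WebResponse, global, "Member[$].Member[response].Member[entities].Fuzzy"]
  # ========== 2-1. Web Response Bodies ==========
  # Anchored on WebResponse, mirroring WebRequestBody above. Anchoring on
  # `global` would describe a global variable named `body`, not the body of
  # the XSJS response.
  - [WebResponseBody, WebResponse, "Member[body]"]
  # ========== 3. Mail, SMTPConnection ==========
  - [Mail, XsjsDollar, "Member[net].Member[Mail].Instance"]
  - [SMTPConnection, XsjsDollar, "Member[net].Member[SMTPConnection].Instance"]
  # ========== 4. Inbound Web Response ==========
  # Response object returned by getResponse() on an HTTP client instance.
  - [InboundResponse, XsjsDollar, "Member[net].Member[http].Member[Client].Instance.Member[getResponse].ReturnValue"]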
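# sourceModel rows are [type, path, kind]. Kind `remote` marks the value as a
# remote flow source, i.e. data that arrives over the network.
- addsTo:
    pack: codeql/javascript-all
    extensible: sourceModel
  data:
  # ========== 1. Retrieving Web Request Body ==========
  - [WebRequestBody, "Member[asArrayBuffer].ReturnValue", remote]
  - [WebRequestBody, "Member[asString].ReturnValue", remote]
  - [WebRequestBody, "Member[asWebRequest].ReturnValue", remote]
  # ========== 2. Retrieving Web Request Parameter Value ==========
  - [WebRequestParameters, "Member[get].ReturnValue", remote]
  - [WebRequestParameters, AnyMember, remote]
  # ========== 3. Receiving Response through HTTPClient ==========
  # These rows start from the InboundResponse type declared in this file's
  # typeModel (the return value of getResponse() on an HTTP client). A type
  # name is not an access-path token, so it has to be the row's type rather
  # than a prefix of its path; the earlier `HTTPClient` /
  # "InboundResponse.Member[...]" spelling also relied on an `HTTPClient`
  # type that this file never declares, so the rows could not match.
  - [InboundResponse, "Member[body]", remote]
  - [InboundResponse, "Member[body].Member[asArrayBuffer].ReturnValue", remote]
  - [InboundResponse, "Member[body].Member[asString].ReturnValue", remote]
  - [InboundResponse, "Member[body].Member[asWebRequest].ReturnValue", remote]
  - [InboundResponse, "Member[cacheControl]", remote]
  - [InboundResponse, "Member[contentType]", remote]
  - [InboundResponse, "Member[cookies]", remote]
  - [InboundResponse, "Member[entities]", remote]
  - [InboundResponse, "Member[headers]", remote]
  - [InboundResponse, "Member[status]", remote]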
# sinkModel rows are [type, path, kind].
- addsTo:
    pack: codeql/javascript-all
    extensible: sinkModel
  data:
  # The first argument of setBody() on the web response is an HTML-injection
  # (XSS) sink.
  - [WebResponse, "Member[setBody].Argument[0]", "html-injection"]
  # The first two arguments of import() on XsjsDollar are path-injection
  # sinks.
  - [XsjsDollar, "Member[import].Argument[0..1]", "path-injection"]
  # Not modelled yet: no sink kind has been chosen for the rows below, so
  # tainted data reaching mail sending or an outbound HTTP request is not
  # reported through this model.
  # NOTE(review): `HTTPClient` is not declared as a type in this file, and
  # `request-forgery` may be the fitting kind for the outbound request row --
  # confirm which argument carries the destination before enabling it.
  # - [Mail, "Member[send].Argument[this]", "???"]
  # - [SMTPConnection, "Member[send].Argument[0]", "???"]
  # - ["HTTPClient", "Member[request].Argument[0]", "???"]
# summaryModel rows are [type, path, input, output, kind]; kind `taint` means
# taint on `input` is carried over to `output`.
- addsTo:
    pack: codeql/javascript-all
    extensible: summaryModel
  data:
  # Parsing tainted JSON text yields a tainted value.
  - [global, "Member[JSON].Member[parse]", "Argument[0]", "ReturnValue", "taint"]
  # Output of the @sap/xss-secure encoders stays tainted under this summary.
  # Each encoder only protects its own output context, so treating one as a
  # sanitizer has to happen in query code, not in this row.
  # NOTE(review): confirm the pack's queries recognise the matching encoder as
  # a barrier for the html-injection sink, otherwise encoded output will
  # still be reported.
  - ["@sap/xss-secure", "Member[encodeCSS,encodeHTML,encodeJS,encodeURL,encodeXML]", "Argument[0]", "ReturnValue", "taint"]