DsnInjectionLocal.ql
/**
* @name SQL Data-source URI built from local user-controlled sources
* @description Building an SQL data-source URI from untrusted sources can allow an attacker to compromise security.
* @kind path-problem
* @problem.severity error
* @id go/dsn-injection-local
* @tags security
* experimental
* external/cwe/cwe-074
*/
import go
import DsnInjectionCustomizations
import DsnInjectionFlow::PathGraph
/**
 * A read of the `os.Args` variable, that is, the process's command-line
 * arguments, registered as a `Source` for the `DsnInjectionFlow` taint-flow.
 *
 * This class contributes only `os.Args` reads. Any further sources would have
 * to come from the imported `DsnInjectionCustomizations` module, which is not
 * visible in this file.
 */
private class OsArgsSource extends Source {
  OsArgsSource() {
    exists(Variable osArgs |
      osArgs.hasQualifiedName("os", "Args") and
      this = osArgs.getARead()
    )
  }
}
// Report every taint path that `DsnInjectionFlow` finds from a source node to a sink node.
// The select columns follow the `path-problem` layout: alert location, path start,
// path end, message, then the element and link text substituted for `$@`.
// NOTE(review): the message says "This query", but the metadata describes the flagged
// value as a data-source URI; confirm the wording against the sink definition in
// `DsnInjectionCustomizations` before changing it, since result consumers may match on it.
from DsnInjectionFlow::PathNode source, DsnInjectionFlow::PathNode sink
where DsnInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
"user-provided value"