A taint tracking configuration for reasoning about DoS attacks due to inefficient handling
of user-controlled objects.
Import path
import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery
Imports
| CommonFlowState | Contains a class with flow states that are used by multiple queries.
|
Predicates
| getASelectedSinkLocation | Gets a location that will be associated with the given sink in a diff-informed query that uses this configuration (see observeDiffInformedIncrementalMode). By default, this is the location of the sink itself, but this predicate should include any locations that are reported as the primary-location of the query or as an additional location (“$@” interpolation). Queries with @kind path-problem that override this predicate should also return the location of the sink itself. For a query that doesn’t report the sink at all, this predicate should be none().
|
| isAdditionalFlowStep | Holds if data may flow from node1 to node2 in addition to the normal data-flow steps. This step is only applicable in state1 and updates the flow state to state2.
|
| isBarrier | Holds if data flow through node is prohibited. This completely removes node from the data flow graph.
|
| isBarrier | Holds if data flow through node is prohibited when the flow state is state.
|
| isSink | Holds if sink is a relevant data flow sink accepting state.
|
| isSource | Holds if source is a relevant data flow source with the given initial state.
|
| observeDiffInformedIncrementalMode | Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by AlertFiltering. This only has an effect when running in diff-informed incremental mode.
|