stash

am0o0 · May 13, 2024 · bdee99a · bdee99a
1 parent 01fb29e
commit bdee99a
Show file tree

Hide file tree

Showing 14 changed files with 355 additions and 275 deletions.
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll
@@ -26,23 +26,23 @@ module AWS {
     )
   }
 
-  /**
-   * An expression that is used as an AWS config value: `{ accessKeyId: <user>, secretAccessKey: <password>}`.
-   */
-  class Credentials extends CredentialsNode {
-    string kind;
+  // /**
+  //  * An expression that is used as an AWS config value: `{ accessKeyId: <user>, secretAccessKey: <password>}`.
+  //  */
+  // class Credentials extends CredentialsNode {
+  //   string kind;
 
-    Credentials() {
-      exists(string prop, DataFlow::InvokeNode invk, int i |
-        takesConfigurationObject(invk, i) and
-        this = invk.getOptionArgument(i, prop)
-      |
-        prop = "accessKeyId" and kind = "user name"
-        or
-        prop = "secretAccessKey" and kind = "password"
-      )
-    }
+  //   Credentials() {
+  //     exists(string prop, DataFlow::InvokeNode invk, int i |
+  //       takesConfigurationObject(invk, i) and
+  //       this = invk.getOptionArgument(i, prop)
+  //     |
+  //       prop = "accessKeyId" and kind = "user name"
+  //       or
+  //       prop = "secretAccessKey" and kind = "password"
+  //     )
+  //   }
 
-    override string getCredentialsKind() { result = kind }
-  }
+  //   override string getCredentialsKind() { result = kind }
+  // }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Azure.qll b/javascript/ql/lib/semmle/javascript/frameworks/Azure.qll
@@ -8,21 +8,21 @@ module Azure {
   /**
    * An expression that is used for authentication at Azure`.
    */
-  class Credentials extends CredentialsNode {
-    string kind;
+  // class Credentials extends CredentialsNode {
+  //   string kind;
 
-    Credentials() {
-      exists(DataFlow::CallNode mce |
-        mce =
-          DataFlow::moduleMember("ms-rest-azure",
-            ["loginWithUsernamePassword", "loginWithServicePrincipalSecret"]).getACall()
-      |
-        this = mce.getArgument(0) and kind = "user name"
-        or
-        this = mce.getArgument(1) and kind = "password"
-      )
-    }
+  //   Credentials() {
+  //     exists(DataFlow::CallNode mce |
+  //       mce =
+  //         DataFlow::moduleMember("ms-rest-azure",
+  //           ["loginWithUsernamePassword", "loginWithServicePrincipalSecret"]).getACall()
+  //     |
+  //       this = mce.getArgument(0) and kind = "user name"
+  //       or
+  //       this = mce.getArgument(1) and kind = "password"
+  //     )
+  //   }
 
-    override string getCredentialsKind() { result = kind }
-  }
+  //   override string getCredentialsKind() { result = kind }
+  // }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -285,21 +285,21 @@ module ClientRequest {
   }
 
   /** An expression that is used as a credential in a request. */
-  private class AuthorizationHeader extends CredentialsNode {
-    AuthorizationHeader() {
-      exists(DataFlow::PropWrite write | write.getPropertyName().regexpMatch("(?i)authorization") |
-        this = write.getRhs()
-      )
-      or
-      exists(DataFlow::MethodCallNode call | call.getMethodName() = ["append", "set"] |
-        call.getNumArgument() = 2 and
-        call.getArgument(0).getStringValue().regexpMatch("(?i)authorization") and
-        this = call.getArgument(1)
-      )
-    }
-
-    override string getCredentialsKind() { result = "authorization header" }
-  }
+  // private class AuthorizationHeader extends CredentialsNode {
+  //   AuthorizationHeader() {
+  //     exists(DataFlow::PropWrite write | write.getPropertyName().regexpMatch("(?i)authorization") |
+  //       this = write.getRhs()
+  //     )
+  //     or
+  //     exists(DataFlow::MethodCallNode call | call.getMethodName() = ["append", "set"] |
+  //       call.getNumArgument() = 2 and
+  //       call.getArgument(0).getStringValue().regexpMatch("(?i)authorization") and
+  //       this = call.getArgument(1)
+  //     )
+  //   }
+
+  //   override string getCredentialsKind() { result = "authorization header" }
+  // }
 
   /**
    * A model of a URL request made using an implementation of the `fetch` API.

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll b/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll
@@ -100,23 +100,23 @@ module Connect {
     DataFlow::Node getARouteHandlerNode() { result = this.getAnArgument() }
   }
 
-  /** An expression that is passed as `basicAuthConnect(<user>, <password>)`. */
-  class Credentials extends CredentialsNode {
-    string kind;
-
-    Credentials() {
-      exists(DataFlow::CallNode call |
-        call = DataFlow::moduleImport("basic-auth-connect").getAnInvocation() and
-        call.getNumArgument() = 2
-      |
-        this = call.getArgument(0) and kind = "user name"
-        or
-        this = call.getArgument(1) and kind = "password"
-      )
-    }
-
-    override string getCredentialsKind() { result = kind }
-  }
+  // /** An expression that is passed as `basicAuthConnect(<user>, <password>)`. */
+  // class Credentials extends CredentialsNode {
+  //   string kind;
+
+  //   Credentials() {
+  //     exists(DataFlow::CallNode call |
+  //       call = DataFlow::moduleImport("basic-auth-connect").getAnInvocation() and
+  //       call.getNumArgument() = 2
+  //     |
+  //       this = call.getArgument(0) and kind = "user name"
+  //       or
+  //       this = call.getArgument(1) and kind = "password"
+  //     )
+  //   }
+
+  //   override string getCredentialsKind() { result = kind }
+  // }
 
   deprecated class RequestExpr = NodeJSLib::RequestExpr;
 

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -34,9 +34,9 @@ abstract class CryptographicKeyCreation extends DataFlow::Node {
 /**
  * A key used in a cryptographic algorithm, viewed as a `CredentialsNode`.
  */
-class CryptographicKeyCredentialsExpr extends CredentialsNode instanceof CryptographicKey {
-  override string getCredentialsKind() { result = "key" }
-}
+// class CryptographicKeyCredentialsExpr extends CredentialsNode instanceof CryptographicKey {
+//   override string getCredentialsKind() { result = "key" }
+// }
 
 // Holds if `algorithm` is an `EncryptionAlgorithm` that uses a block cipher
 private predicate isBlockEncryptionAlgorithm(CryptographicAlgorithm algorithm) {

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/DigitalOcean.qll b/javascript/ql/lib/semmle/javascript/frameworks/DigitalOcean.qll
@@ -8,17 +8,17 @@ module DigitalOcean {
   /**
    * An expression that is used for authentication at DigitalOcean: `digitalocean.client(<token>)`.
    */
-  class Credentials extends CredentialsNode {
-    string kind;
+  // class Credentials extends CredentialsNode {
+  //   string kind;
 
-    Credentials() {
-      exists(DataFlow::CallNode mce |
-        mce = DataFlow::moduleMember("digitalocean", "client").getACall()
-      |
-        this = mce.getArgument(0) and kind = "token"
-      )
-    }
+  //   Credentials() {
+  //     exists(DataFlow::CallNode mce |
+  //       mce = DataFlow::moduleMember("digitalocean", "client").getACall()
+  //     |
+  //       this = mce.getArgument(0) and kind = "token"
+  //     )
+  //   }
 
-    override string getCredentialsKind() { result = kind }
-  }
+  //   override string getCredentialsKind() { result = kind }
+  // }
 }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
@@ -1007,27 +1007,27 @@ module Express {
     }
   }
 
-  /** An expression that is passed as `expressBasicAuth({ users: { <user>: <password> }})`. */
-  class Credentials extends CredentialsNode {
-    string kind;
-
-    Credentials() {
-      exists(DataFlow::CallNode call, DataFlow::ModuleImportNode mod |
-        mod.getPath() = "express-basic-auth" and
-        call = mod.getAnInvocation() and
-        exists(DataFlow::ObjectLiteralNode usersSrc, DataFlow::PropWrite pwn |
-          usersSrc.flowsTo(call.getOptionArgument(0, "users")) and
-          usersSrc.flowsTo(pwn.getBase())
-        |
-          this = pwn.getPropertyNameExpr().flow() and kind = "user name"
-          or
-          this = pwn.getRhs() and kind = "password"
-        )
-      )
-    }
-
-    override string getCredentialsKind() { result = kind }
-  }
+  // /** An expression that is passed as `expressBasicAuth({ users: { <user>: <password> }})`. */
+  // class Credentials extends CredentialsNode {
+  //   string kind;
+
+  //   Credentials() {
+  //     exists(DataFlow::CallNode call, DataFlow::ModuleImportNode mod |
+  //       mod.getPath() = "express-basic-auth" and
+  //       call = mod.getAnInvocation() and
+  //       exists(DataFlow::ObjectLiteralNode usersSrc, DataFlow::PropWrite pwn |
+  //         usersSrc.flowsTo(call.getOptionArgument(0, "users")) and
+  //         usersSrc.flowsTo(pwn.getBase())
+  //       |
+  //         this = pwn.getPropertyNameExpr().flow() and kind = "user name"
+  //         or
+  //         this = pwn.getRhs() and kind = "password"
+  //       )
+  //     )
+  //   }
+
+  //   override string getCredentialsKind() { result = kind }
+  // }
 
   /** A call to `response.sendFile`, considered as a file system access. */
   private class ResponseSendFileAsFileSystemAccess extends FileSystemReadAccess,

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/JWT.qll b/javascript/ql/lib/semmle/javascript/frameworks/JWT.qll
@@ -44,8 +44,7 @@ private module JsonWebToken {
    */
   private class JwtKey extends CredentialsNode {
     JwtKey() {
-      this =
-        API::moduleImport("jsonwebtoken").getMember(["sign", "verify"]).getParameter(1).asSink()
+      this = API::moduleImport("jsonwebtoken").getMember(["verify"]).getParameter(1).asSink()
     }
 
     override string getCredentialsKind() { result = "key" }

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
@@ -77,22 +77,22 @@ private module MongoDB {
     result = API::Node::ofType("mongoose", "ConnectOptions")
   }
 
-  /**
-   * An expression passed to `mongodb` or `mongoose` to supply credentials.
-   */
-  class Credentials extends CredentialsNode {
-    string kind;
-
-    Credentials() {
-      exists(string prop | this = credentialsObject().getMember(prop).asSink() |
-        prop = "user" and kind = "user name"
-        or
-        prop = "pass" and kind = "password"
-      )
-    }
-
-    override string getCredentialsKind() { result = kind }
-  }
+//   /**
+//    * An expression passed to `mongodb` or `mongoose` to supply credentials.
+//    */
+//   class Credentials extends CredentialsNode {
+//     string kind;
+
+//     Credentials() {
+//       exists(string prop | this = credentialsObject().getMember(prop).asSink() |
+//         prop = "user" and kind = "user name"
+//         or
+//         prop = "pass" and kind = "password"
+//       )
+//     }
+
+//     override string getCredentialsKind() { result = kind }
+//   }
 }
 
 private module Mongoose {

diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
@@ -425,16 +425,16 @@ module NodeJSLib {
     ServerDefinition() { isCreateServer(this) }
   }
 
-  /** An expression that is passed as `http.request({ auth: <expr> }, ...)`. */
-  class Credentials extends CredentialsNode {
-    Credentials() {
-      exists(string http | http = "http" or http = "https" |
-        this = DataFlow::moduleMember(http, "request").getACall().getOptionArgument(0, "auth")
-      )
-    }
+  // /** An expression that is passed as `http.request({ auth: <expr> }, ...)`. */
+  // class Credentials extends CredentialsNode {
+  //   Credentials() {
+  //     exists(string http | http = "http" or http = "https" |
+  //       this = DataFlow::moduleMember(http, "request").getACall().getOptionArgument(0, "auth")
+  //     )
+  //   }
 
-    override string getCredentialsKind() { result = "credentials" }
-  }
+  //   override string getCredentialsKind() { result = "credentials" }
+  // }
 
   /**
    * A call a process-terminating function, such as `process.exit`.
@@ -1035,27 +1035,27 @@ module NodeJSLib {
     }
   }
 
-  /**
-   * A data flow node that is the username passed to the login callback provided by an HTTP or HTTPS request made by a Node.js process, for example `username` in `http.request(url).on('login', (res, cb) => {cb(username, password)})`.
-   */
-  private class ClientRequestLoginUsername extends CredentialsNode {
-    ClientRequestLoginUsername() {
-      exists(ClientRequestLoginCallback callback | this = callback.getACall().getArgument(0))
-    }
+  // /**
+  //  * A data flow node that is the username passed to the login callback provided by an HTTP or HTTPS request made by a Node.js process, for example `username` in `http.request(url).on('login', (res, cb) => {cb(username, password)})`.
+  //  */
+  // private class ClientRequestLoginUsername extends CredentialsNode {
+  //   ClientRequestLoginUsername() {
+  //     exists(ClientRequestLoginCallback callback | this = callback.getACall().getArgument(0))
+  //   }
 
-    override string getCredentialsKind() { result = "Node.js http(s) client login username" }
-  }
+  //   override string getCredentialsKind() { result = "Node.js http(s) client login username" }
+  // }
 
-  /**
-   * A data flow node that is the password passed to the login callback provided by an HTTP or HTTPS request made by a Node.js process, for example `password` in `http.request(url).on('login', (res, cb) => {cb(username, password)})`.
-   */
-  private class ClientRequestLoginPassword extends CredentialsNode {
-    ClientRequestLoginPassword() {
-      exists(ClientRequestLoginCallback callback | this = callback.getACall().getArgument(1))
-    }
+  // /**
+  //  * A data flow node that is the password passed to the login callback provided by an HTTP or HTTPS request made by a Node.js process, for example `password` in `http.request(url).on('login', (res, cb) => {cb(username, password)})`.
+  //  */
+  // private class ClientRequestLoginPassword extends CredentialsNode {
+  //   ClientRequestLoginPassword() {
+  //     exists(ClientRequestLoginCallback callback | this = callback.getACall().getArgument(1))
+  //   }
 
-    override string getCredentialsKind() { result = "Node.js http(s) client login password" }
-  }
+  //   override string getCredentialsKind() { result = "Node.js http(s) client login password" }
+  // }
 
   /**
    * A data flow node that is the parameter of an error callback for an HTTP or HTTPS request made by a Node.js process, for example `err` in `http.request(url).on('error', (err) => {})`.