Skip to content

Commit 11a97a6

Browse files
jeongsoolee09jeongsoolee09
committed
Merge branch 'jeongsoolee09/fix-ui5-fn' of github.com:advanced-security/codeql-sap-js into jeongsoolee09/fix-ui5-fn
2 parents 4e9cdf0 + ee611f9 commit 11a97a6

File tree

4 files changed

+24
-18
lines changed

4 files changed

+24
-18
lines changed

javascript/frameworks/cap/test/models/cds/entityreference/package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/unnecessarily-granted-privileged-access-rights/package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5LogsToHttpQuery.qll

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,9 @@ module UI5LogEntryToHttp implements DataFlow::StateConfigSig {
2929
UI5LogInjection::isAdditionalFlowStep(start, end) and
3030
preState = postState
3131
or
32-
exists(LogArgumentToListener logArgumentToListener |
33-
logArgumentToListener.step(start, end) and
34-
preState = "not-logged-not-accessed" and
35-
postState = "logged-and-accessed"
36-
)
32+
logArgumentToListener(start, end) and
33+
preState = "not-logged-not-accessed" and
34+
postState = "logged-and-accessed"
3735
}
3836

3937
predicate isSink(DataFlow::Node node, FlowState state) {

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/FlowSteps.qll

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -343,18 +343,26 @@ class ResourceBundleGetTextCallArgToReturnValueStep extends DataFlow::SharedFlow
343343
}
344344
}
345345

346+
/**
347+
* A step from any argument of a SAP logging function to the `onLogEntry`
348+
* method of a custom log listener in the same application.
349+
*/
350+
predicate logArgumentToListener(DataFlow::Node start, DataFlow::Node end) {
351+
inSameWebApp(start.getFile(), end.getFile()) and
352+
start =
353+
ModelOutput::getATypeNode("SapLogger")
354+
.getMember(["debug", "error", "fatal", "info", "trace", "warning"])
355+
.getACall()
356+
.getAnArgument() and
357+
end = ModelOutput::getATypeNode("SapLogEntries").asSource()
358+
}
359+
346360
/**
347361
* A step from any argument of a SAP logging function to the `onLogEntry`
348362
* method of a custom log listener in the same application.
349363
*/
350364
class LogArgumentToListener extends DataFlow::SharedFlowStep {
351365
override predicate step(DataFlow::Node start, DataFlow::Node end) {
352-
inSameWebApp(start.getFile(), end.getFile()) and
353-
start =
354-
ModelOutput::getATypeNode("SapLogger")
355-
.getMember(["debug", "error", "fatal", "info", "trace", "warning"])
356-
.getACall()
357-
.getAnArgument() and
358-
end = ModelOutput::getATypeNode("SapLogEntries").asSource()
366+
logArgumentToListener(start, end)
359367
}
360368
}

0 commit comments

Comments
 (0)