Upgrade dataflow library XSJSReflectedXss

Author: knewbury01

javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSReflectedXssQuery.qll

@@ -13,13 +13,13 @@ class XSJSResponseSetBodyCall extends MethodCallNode {
   XSJSResponse getParentXSJSResponse() { result = response }
 }
 
-class Configuration extends ReflectedXssQuery::Configuration {
-  override predicate isSource(DataFlow::Node start) {
-    super.isSource(start) or
+module Configuration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node start) {
+    ReflectedXssQuery::ReflectedXssConfig::isSource(start) or
     start instanceof RemoteFlowSource
   }
 
-  override predicate isSink(DataFlow::Node end) {
+  predicate isSink(DataFlow::Node end) {
     exists(XSJSResponseSetBodyCall setBody, XSJSResponse thisOrAnotherXSJSResponse |
       thisOrAnotherXSJSResponse = setBody.getParentXSJSResponse() or
       thisOrAnotherXSJSResponse = setBody.getParentXSJSResponse().getAPredOrSuccResponse()
@@ -31,4 +31,8 @@ class Configuration extends ReflectedXssQuery::Configuration {
       )
     )
   }
+
+  predicate isBarrier(DataFlow::Node node) {
+    ReflectedXssQuery::ReflectedXssConfig::isBarrier(node)
+  }
 }

javascript/frameworks/xsjs/src/XSJSReflectedXss/XSJSReflectedXss.ql

@@ -12,8 +12,11 @@
 
 import javascript
 import advanced_security.javascript.frameworks.xsjs.XSJSReflectedXssQuery
-import DataFlow::PathGraph
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module ConfigurationFlow = TaintTracking::Global<Configuration>;
+
+import ConfigurationFlow::PathGraph
+
+from ConfigurationFlow::PathNode source, ConfigurationFlow::PathNode sink
+where ConfigurationFlow::flowPath(source, sink)
 select sink, source, sink, "Reflected XSS vulnerability due to $@.", source, "user-provided value"

javascript/frameworks/xsjs/test/queries/XSJSReflectedXss/XSJSReflectedXss.expected

@@ -1,18 +1,19 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (XSJSReflectedXss.ql:15,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (XSJSReflectedXss.ql:17,28-46)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (XSJSReflectedXss.ql:17,55-73)
-nodes
-| XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 |
-| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") |
-| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") |
-| XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) |
-| XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) |
-| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 |
 edges
-| XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 | XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 |
-| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 |
-| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 |
-| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) |
-| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) |
+| XSJSReflectedXss.xsjs:3:34:3:50 | requestParameters | XSJSReflectedXss.xsjs:4:20:4:36 | requestParameters | provenance |  |
+| XSJSReflectedXss.xsjs:4:20:4:36 | requestParameters | XSJSReflectedXss.xsjs:4:10:4:47 | "<div>" ... </div>" | provenance |  |
+| XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 | XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | provenance |  |
+| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 | provenance |  |
+| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | XSJSReflectedXss.xsjs:3:34:3:50 | requestParameters | provenance |  |
+| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) | provenance |  |
+nodes
+| XSJSReflectedXss.xsjs:3:34:3:50 | requestParameters | semmle.label | requestParameters |
+| XSJSReflectedXss.xsjs:4:10:4:47 | "<div>" ... </div>" | semmle.label | "<div>" ... </div>" |
+| XSJSReflectedXss.xsjs:4:20:4:36 | requestParameters | semmle.label | requestParameters |
+| XSJSReflectedXss.xsjs:11:7:11:67 | someParameterValue1 | semmle.label | someParameterValue1 |
+| XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | semmle.label | request ... eter1") |
+| XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) | semmle.label | request ... Value1) |
+| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | semmle.label | someParameterValue1 |
+subpaths
+| XSJSReflectedXss.xsjs:13:46:13:64 | someParameterValue1 | XSJSReflectedXss.xsjs:3:34:3:50 | requestParameters | XSJSReflectedXss.xsjs:4:10:4:47 | "<div>" ... </div>" | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) |
 #select
 | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) | XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | XSJSReflectedXss.xsjs:13:22:13:65 | request ... Value1) | Reflected XSS vulnerability due to $@. | XSJSReflectedXss.xsjs:11:29:11:67 | request ... eter1") | user-provided value |