JS: add support for dis- and conjunctions in SanitizingFunction

Esben Sparre Andreasen · Esben Sparre Andreasen · commit eaad84bb4fc2 · 2018-11-12T10:23:52.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -824,6 +824,12 @@ module TaintTracking {
       exists(Expr e |
         exists(Expr returnExpr |
           returnExpr = sanitizer.asExpr()
+          or
+          // ad hoc support for conjunctions:
+          returnExpr.(LogAndExpr).getAnOperand() = sanitizer.asExpr() and sanitizerOutcome = true
+          or
+          // ad hoc support for disjunctions:
+          returnExpr.(LogOrExpr).getAnOperand() = sanitizer.asExpr() and sanitizerOutcome = false
           |
           exists(SsaExplicitDefinition ssa |
             ssa.getDef().getSource() = returnExpr and
diff --git a/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected b/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
@@ -45,15 +45,18 @@
 | tst.js:271:25:271:45 | whiteli ... ains(z) | ExampleConfiguration | true | tst.js:271:44:271:44 | z |
 | tst.js:281:16:281:25 | x2 != null | ExampleConfiguration | false | tst.js:281:16:281:17 | x2 |
 | tst.js:281:30:281:51 | whiteli ... ins(x2) | ExampleConfiguration | true | tst.js:281:49:281:50 | x2 |
+| tst.js:283:9:283:13 | f2(v) | ExampleConfiguration | true | tst.js:283:12:283:12 | v |
 | tst.js:290:16:290:25 | x3 == null | ExampleConfiguration | true | tst.js:290:16:290:17 | x3 |
 | tst.js:290:30:290:51 | whiteli ... ins(x3) | ExampleConfiguration | true | tst.js:290:49:290:50 | x3 |
 | tst.js:299:17:299:38 | whiteli ... ins(x4) | ExampleConfiguration | true | tst.js:299:36:299:37 | x4 |
 | tst.js:308:18:308:39 | whiteli ... ins(x5) | ExampleConfiguration | true | tst.js:308:37:308:38 | x5 |
 | tst.js:317:26:317:47 | whiteli ... ins(x6) | ExampleConfiguration | true | tst.js:317:45:317:46 | x6 |
 | tst.js:327:25:327:34 | x7 != null | ExampleConfiguration | false | tst.js:327:25:327:26 | x7 |
 | tst.js:327:39:327:60 | whiteli ... ins(x7) | ExampleConfiguration | true | tst.js:327:58:327:59 | x7 |
+| tst.js:330:9:330:13 | f7(v) | ExampleConfiguration | true | tst.js:330:12:330:12 | v |
 | tst.js:337:25:337:46 | whiteli ... ins(x8) | ExampleConfiguration | true | tst.js:337:44:337:45 | x8 |
 | tst.js:338:16:338:25 | x8 != null | ExampleConfiguration | false | tst.js:338:16:338:17 | x8 |
 | tst.js:347:29:347:50 | whiteli ... ins(x9) | ExampleConfiguration | true | tst.js:347:48:347:49 | x9 |
 | tst.js:356:16:356:27 | x10 !== null | ExampleConfiguration | false | tst.js:356:16:356:18 | x10 |
 | tst.js:356:32:356:48 | x10 !== undefined | ExampleConfiguration | false | tst.js:356:32:356:34 | x10 |
+| tst.js:358:9:358:14 | f10(v) | ExampleConfiguration | false | tst.js:358:13:358:13 | v |
diff --git a/javascript/ql/test/library-tests/TaintBarriers/TaintedSink.expected b/javascript/ql/test/library-tests/TaintBarriers/TaintedSink.expected
@@ -41,7 +41,6 @@
 | tst.js:267:14:267:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:275:14:275:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:277:14:277:14 | v | tst.js:248:13:248:20 | SOURCE() |
-| tst.js:284:14:284:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:286:14:286:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:293:14:293:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:295:14:295:14 | v | tst.js:248:13:248:20 | SOURCE() |
@@ -51,11 +50,9 @@
 | tst.js:313:14:313:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:321:14:321:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:323:14:323:14 | v | tst.js:248:13:248:20 | SOURCE() |
-| tst.js:331:14:331:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:333:14:333:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:341:14:341:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:343:14:343:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:350:14:350:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:352:14:352:14 | v | tst.js:248:13:248:20 | SOURCE() |
 | tst.js:359:14:359:14 | v | tst.js:248:13:248:20 | SOURCE() |
-| tst.js:361:14:361:14 | v | tst.js:248:13:248:20 | SOURCE() |
diff --git a/javascript/ql/test/library-tests/TaintBarriers/isBarrier.expected b/javascript/ql/test/library-tests/TaintBarriers/isBarrier.expected
@@ -33,4 +33,7 @@
 | tst.js:241:14:241:14 | v | ExampleConfiguration |
 | tst.js:255:14:255:14 | v | ExampleConfiguration |
 | tst.js:265:14:265:14 | v | ExampleConfiguration |
+| tst.js:284:14:284:14 | v | ExampleConfiguration |
+| tst.js:331:14:331:14 | v | ExampleConfiguration |
 | tst.js:356:16:356:27 | x10 | ExampleConfiguration |
+| tst.js:361:14:361:14 | v | ExampleConfiguration |
