Add CDS Utils path injection query#224
Conversation
knewbury01
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
jeongsoolee09
left a comment
jeongsoolee09
left a comment
There was a problem hiding this comment.
Nice work. I'd like to suggest two things:
Lack of barriers
A barrier is lacking in this example. Research some well-known ways to neutralize path traversal and ones that are specific to CAP, and add both to the Recommendations section of the help file and to the isBarrier predicate of the configuration.
CDSAdditionalFlowStep hard to understand at first glance
It's a bit hard to follow the logic of CDSAdditionalFlowStep, and much of it is coming from the fact that conceptually a flow step is a pair of two dataflow nodes but the implementation at the moment is a DataFlow::Node.
But admittedly encoding a tuple can be a bit verbose to model in QL. So I think it's better to remove the hierarchy only for additional flow steps and directly inline the class definition into the isAdditionalStep predicate. It seems like the default queries are following this practice.
…thub.com/advanced-security/codeql-sap-js into knewbury01/cds-util-path-traversal-query
3 participants
What This PR Contributes
PathInjection.qlFuture Works
Add additional unit tests if the extra API cases described here in the future works are covered in the future.