
Commit 77c383a

Author: Max Schaefer
JavaScript: Simplify flow-summary queries.
Previously, `AllConfigurations.qll` would pull in (almost) all taint tracking configurations, which has started causing OOMEs during compilation. I've pruned it down to only the most interesting configurations. Since flow summaries are experimental at this point and require a bit of manual configuration anyway, this shouldn't be much of an issue in practice.
1 parent 13cd7d0 commit 77c383a

4 files changed

+4
-77
lines changed

javascript/ql/src/Security/Summaries/AllConfigurations.qll

Lines changed: 4 additions & 13 deletions
@@ -1,34 +1,25 @@
11
/**
2-
* Imports the standard library and all taint-tracking configuration classes from the security queries.
2+
* Imports the standard library and a selection of taint-tracking configuration classes
3+
* from the security queries.
4+
*
5+
* To enable flow summarization for other queries, import their configuration classes here.
36
*/
47

58
import javascript
6-
import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm
7-
import semmle.javascript.security.dataflow.CleartextLogging
8-
import semmle.javascript.security.dataflow.CleartextStorage
99
import semmle.javascript.security.dataflow.ClientSideUrlRedirect
1010
import semmle.javascript.security.dataflow.CodeInjection
1111
import semmle.javascript.security.dataflow.CommandInjection
12-
import semmle.javascript.security.dataflow.ConditionalBypass
13-
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentials
14-
import semmle.javascript.security.dataflow.DifferentKindsComparisonBypass
1512
import semmle.javascript.security.dataflow.DomBasedXss as DomBasedXss
16-
import semmle.javascript.security.dataflow.FileAccessToHttp
17-
import semmle.javascript.security.dataflow.HardcodedCredentials
18-
import semmle.javascript.security.dataflow.InsecureRandomness
19-
import semmle.javascript.security.dataflow.InsufficientPasswordHash
2013
import semmle.javascript.security.dataflow.NosqlInjection
2114
import semmle.javascript.security.dataflow.ReflectedXss as ReflectedXss
2215
import semmle.javascript.security.dataflow.RegExpInjection
2316
import semmle.javascript.security.dataflow.RemotePropertyInjection
24-
import semmle.javascript.security.dataflow.RequestForgery
2517
import semmle.javascript.security.dataflow.ServerSideUrlRedirect
2618
import semmle.javascript.security.dataflow.SqlInjection
2719
import semmle.javascript.security.dataflow.StackTraceExposure
2820
import semmle.javascript.security.dataflow.StoredXss as StoredXss
2921
import semmle.javascript.security.dataflow.TaintedFormatString
3022
import semmle.javascript.security.dataflow.TaintedPath
31-
import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTampering
3223
import semmle.javascript.security.dataflow.UnsafeDeserialization
3324
import semmle.javascript.security.dataflow.XmlBomb
3425
import semmle.javascript.security.dataflow.XpathInjection
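
Review bot: The new header comment (added lines 2 to 5) says "a selection" but never states the criterion, and the removals below do not make one obvious: `RequestForgery` is dropped while `ServerSideUrlRedirect` and `ClientSideUrlRedirect` stay, and `TypeConfusionThroughParameterTampering` is dropped while `RemotePropertyInjection` stays. Suggest stating in the doc comment which kinds of configuration are deliberately left out and that the reason is compilation memory (the commit message mentions OOMEs, the file does not), so that someone following the "import their configuration classes here" instruction knows that re-adding many imports can bring the failure back. It would also help to say there that queries whose configuration is no longer imported get no flow summaries from this file until they are added back.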
