File tree Expand file tree Collapse file tree 1 file changed +42
-0
lines changed
javascript/ql/src/semmle/javascript/security/dataflow Expand file tree Collapse file tree 1 file changed +42
-0
lines changed Original file line number Diff line number Diff line change @@ -138,4 +138,46 @@ module CodeInjection {
138138 API:: moduleImport ( "module" ) .getInstance ( ) .getMember ( "_compile" ) .getACall ( ) .getArgument ( 0 )
139139 }
140140 }
141+
142+ /**
143+ * A value interpreted as as template by the `pug` library.
144+ */
145+ class PugTemplateSink extends Sink {
146+ PugTemplateSink ( ) {
147+ this = DataFlow:: moduleImport ( [ "pug" , "jade" ] ) .getAMemberCall ( [ "compile" , "render" ] ) .getArgument ( 0 )
148+ }
149+ }
150+
151+ /**
152+ * A value interpreted as a tempalte by the `dot` library.
153+ */
154+ class DotTemplateSink extends Sink {
155+ DotTemplateSink ( ) {
156+ this = DataFlow:: moduleImport ( "dot" ) .getAMemberCall ( "template" ) .getArgument ( 0 )
157+ }
158+ }
159+
160+ /**
161+ * A value interpreted as a template by the `ejs` library.
162+ */
163+ class EjsTemplateSink extends Sink {
164+ EjsTemplateSink ( ) { this = DataFlow:: moduleImport ( "ejs" ) .getAMemberCall ( "render" ) .getArgument ( 0 ) }
165+ }
166+
167+
168+ /**
169+ * A value interpreted as a template by the `nunjucks` library.
170+ */
171+ class NunjucksTemplateSink extends Sink {
172+ NunjucksTemplateSink ( ) {
173+ this = DataFlow:: moduleImport ( "nunjucks" ) .getAMemberCall ( "renderString" ) .getArgument ( 0 )
174+ }
175+ }
176+
177+ /**
178+ * A value interpreted as a template by `lodash` or `underscore`.
179+ */
180+ class LodashUnderscoreTemplateSink extends Sink {
181+ LodashUnderscoreTemplateSink ( ) { this = LodashUnderscore:: member ( "template" ) .getACall ( ) .getArgument ( 0 ) }
182+ }
141183}
You can’t perform that action at this time.
0 commit comments