X Tutup
The Wayback Machine - https://web.archive.org/web/20220126131739/https://github.com/github/codeql/pull/7744/files
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JS: Move experimental notice to the bottom of the ML-powered query help #7744

Merged
merged 1 commit into from Jan 25, 2022
+8 −8
Merged

JS: Move experimental notice to the bottom of the ML-powered query help #7744

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.md
View file
Open in desktop
@@ -1,8 +1,8 @@
# NoSQL database query built from user-controlled sources (experimental)
This is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.

If a database query (such as a SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run malicious database queries.

Note: This CodeQL query is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.


## Recommendation
Most database connector libraries offer a way of safely embedding untrusted data into a query by means of query parameters or prepared statements.
4 javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.md
View file
Open in desktop
@@ -1,8 +1,8 @@
# SQL database query built from user-controlled sources (experimental)
This is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.

If a database query (such as a SQL or NoSQL query) is built from user-provided data without sufficient sanitization, a malicious user may be able to run malicious database queries.

Note: This CodeQL query is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.


## Recommendation
Most database connector libraries offer a way of safely embedding untrusted data into a query by means of query parameters or prepared statements.
4 javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.md
View file
Open in desktop
@@ -1,8 +1,8 @@
# Uncontrolled data used in path expression (experimental)
This is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.

Accessing files using paths constructed from user-controlled data can allow an attacker to access unexpected resources. This can result in sensitive information being revealed or deleted, or an attacker being able to influence behavior by modifying unexpected files.

Note: This CodeQL query is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.


## Recommendation
Validate user input before using it to construct a file path, either using an off-the-shelf library like the `sanitize-filename` npm package, or by performing custom validation.
4 javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.md
View file
Open in desktop
@@ -1,10 +1,10 @@
# Client-side cross-site scripting (experimental)
This is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.

Directly writing user input (for example, a URL query parameter) to a webpage without properly sanitizing the input first, allows for a cross-site scripting vulnerability.

This kind of vulnerability is also called *DOM-based* cross-site scripting, to distinguish it from other types of cross-site scripting.

Note: This CodeQL query is an experimental query. Experimental queries generate alerts using machine learning. They might include more false positives but they will improve over time.


## Recommendation
To guard against cross-site scripting, consider using contextual output encoding/escaping before writing user input to the page, or one of the other solutions that are mentioned in the references.
X Tutup