Replies: 1 comment 1 reply
Can you show the code for the query that you're working on?
📌 Initial Context
I have a Node.js project with the following structure:
categories/index.js
search.js
main.js
📌 The Problem with CodeQL Analysis
I want to write a TaintTracking query in CodeQL to track data from
categories.search("payload") in main.js into the actual implementation of the function defined in search.js.
However, by default, CodeQL does not automatically connect through these steps:
1. require('../categories') → the Categories object from index.js.
2. require('./search')(Categories) → the parameter Categories inside search.js.
3. Categories.search = function(...) { ... } → linking the .search property to the function body.
As a result, when running taint tracking, the flow always stops at the callsite categories.search("payload") and never enters the function body.
📌 Question
👉 How can I write an AdditionalTaintStep (or the proper configuration) so that CodeQL can understand .
The taint flow can propagate from the callsite categories.search("...") in main.js all the way into the body of the function defined in search.js.
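A sketch of the kind of bridge the post asks about, added here as an example and not taken from the thread or from the CodeQL project: a name-based additional flow step from the arguments of any `.search(...)` call to the parameters of any function assigned to a `.search` property. It assumes a CodeQL release whose JavaScript library supports `DataFlow::ConfigSig` and `TaintTracking::Global`; the sink definition and the query id are chosen for illustration only.

```ql
/**
 * @name Flow from a search() callsite into the assigned function body
 * @kind problem
 * @problem.severity recommendation
 * @id js/example/search-callsite-to-body
 */

import javascript

module SearchConfig implements DataFlow::ConfigSig {
  // Source: first argument of any `<x>.search(...)` call,
  // e.g. categories.search("payload") in main.js.
  predicate isSource(DataFlow::Node source) {
    source = any(DataFlow::MethodCallNode c | c.getMethodName() = "search").getArgument(0)
  }

  // Sink (illustrative assumption): any argument of a call made inside a function
  // that is assigned to a `.search` property. A result shows flow entered the body.
  predicate isSink(DataFlow::Node sink) {
    exists(DataFlow::PropWrite w, DataFlow::FunctionNode fn, DataFlow::InvokeNode inner |
      w.getPropertyName() = "search" and
      fn = w.getRhs().getAFunctionValue() and
      inner.getContainer() = fn.getFunction() and
      sink = inner.getAnArgument()
    )
  }

  // Name-based bridge: argument i of `.search(...)` -> parameter i of any function
  // written to a `.search` property. It ignores which object is the receiver, so it
  // is over-approximate and can connect unrelated `search` methods.
  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(DataFlow::MethodCallNode call, DataFlow::PropWrite w, DataFlow::FunctionNode fn, int i |
      call.getMethodName() = "search" and
      w.getPropertyName() = "search" and
      fn = w.getRhs().getAFunctionValue() and
      pred = call.getArgument(i) and
      succ = fn.getParameter(i)
    )
  }
}

module SearchFlow = TaintTracking::Global<SearchConfig>;

from DataFlow::Node source, DataFlow::Node sink
where SearchFlow::flow(source, sink)
select sink, "Argument of search() call $@ reaches this call inside the function body.", source, "here"
```

Because the step matches on the property name alone, restrict `call` and `w` (for example by file) if the database contains other `search` methods.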