Query module ConditionalBypass

name: User-controlled bypass of security check
description: Conditions that the user controls are not suited for making security-related decisions.
kind: path-problem
problem.severity: error
precision: medium
id: js/user-controlled-bypass
tags: security, external/cwe/cwe-807, external/cwe/cwe-290

Imports

ConditionalBypass
PathGraph

Provides the query predicates needed to include a graph in a path-problem query.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

flowsToGuardExpr

Holds if the value of nd flows into guard.

isEarlyAbortGuard

Holds if e effectively guards access to action by returning or throwing early.

isTaintedGuardForSensitiveAction

Holds if sink guards action, and source taints sink.

Classes

SensitiveActionGuardComparison

A comparison that guards a sensitive action, e.g. the comparison in: var ok = x == y; if (ok) login().

SensitiveActionGuardComparisonOperand

An intermediary sink to enable reuse of the taint configuration. This sink should not be presented to the client of this query.
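
The guard shapes named above (a comparison that guards a sensitive action, and an early-abort guard) can be illustrated as follows. This is an added example, not code from the CodeQL project; the handler names, the request object shape, the SESSIONS store and the sample requests are assumptions constructed for the illustration, and it makes no claim about the exact results the query reports.

```javascript
// Added illustration; every name and value here is hypothetical/constructed.
// Server-side session store keyed by an opaque session id.
const SESSIONS = new Map([
  ["s-constructed-1", { user: "alice", admin: false }],
  ["s-constructed-2", { user: "carol", admin: true }],
]);

// Stand-in for the sensitive action being guarded.
function deleteAccount(user) {
  return `deleted:${user}`;
}

// Comparison guard: both operands come from the request, so the client
// chooses the outcome (same shape as `var ok = x == y; if (ok) login()`).
function vulnerableComparison(req) {
  var ok = req.cookies.user == req.query.user;
  if (ok) return deleteAccount(req.query.user);
  return "denied";
}

// Early-abort guard: returns early unless a client-supplied flag is set,
// so the sensitive action is reachable by anyone who sets the flag.
function vulnerableEarlyAbort(req) {
  if (!req.query.isAdmin) return "denied";
  return deleteAccount(req.query.user);
}

// Hardened form: the decision rests on state the server holds; the cookie
// only selects a session record and carries no authority of its own.
function hardened(req) {
  const session = SESSIONS.get(req.cookies.sid);
  if (!session || !session.admin) return "denied";
  return deleteAccount(req.query.user);
}

// Constructed request in which the client sets every field itself.
const selfAsserted = {
  cookies: { user: "bob", sid: "s-constructed-1" },
  query: { user: "bob", isAdmin: "1" },
};
// Same request, but bound to a session the server recorded as admin.
const adminSession = {
  cookies: { user: "bob", sid: "s-constructed-2" },
  query: { user: "bob", isAdmin: "1" },
};

console.log(vulnerableComparison(selfAsserted), vulnerableEarlyAbort(selfAsserted));
console.log(hardened(selfAsserted), hardened(adminSession));
```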