Identifying Sanitizer/Barrier nodes in a query #483
I'm trying to identify Sanitizer/Barrier/SanitizerGuard/BarrierGuard nodes in a JavaScript repository. I want to print these nodes' information in the select query along with the source and the sink for any JavaScript vulnerability.
Hi

If you are simply looking for all, say, `BarrierGuard`s for a given data flow configuration `Config`, you can write a simple predicate

```ql
predicate barrierGuard(BarrierGuard bg, Config config) {
  config.isBarrierGuard(bg)
}
```

and then quick-eval that in VS Code.

I am not quite sure what you mean by "along with the source and sink": If there is flow from a source to a sink it means that there is a path that does not go through any (barrier)guard, so none of the paths reported will contain a guard.