Created December 23, 2022 21:18
Gist: prabhu/5dddc06a9b8d87e056eb0aef57db9649
Analyze NodeGoat using joern
// Setup: git clone https://github.com/OWASP/NodeGoat
// Install joern, start the joern shell and import the project:
// importCode("NodeGoat")

// Express request properties that carry client-controlled input (taint sources).
val requestPattern =
  "req\\.(originalUrl|path|protocol|route|secure|signedCookies|stale|subdomains|xhr|app|pipe|file|files|baseUrl|fresh|hostname|ip|url|ips|method|body|param|params|query|cookies)"
// cpg.call.code(regex) matches the whole code string, hence the leading and trailing .*
val taintSourcePattern = "(?s)(?i).*" + requestPattern + ".*"

// Express response methods that write data back to the client (XSS sinks).
val responsePattern =
  "res\\.(append|attachment|cookie|clearCookie|download|end|format|get|json|jsonp|links|location|redirect|render|send|sendFile|sendStatus|set|status|type|vary)"
val taintXSSSinkPattern = "(?s)(?i).*" + responsePattern + ".*"
// Response header writes (header injection sinks).
val taintHeaderSinkPattern = "(?s)(?i).*res\\.(set|writeHead|setHeader).*"
// Database access calls (injection sinks); matched by substring, so expect some noise.
val taintDBSinkPattern = "(?s)(?i).*(db|dao|mongo|mongoclient).*"

// Sources and sinks are CALL nodes whose code matches the patterns.
def source = cpg.call.code(taintSourcePattern)
def xsssink = cpg.call.code(taintXSSSinkPattern)
// Print every data flow from a source into an XSS sink.
xsssink.reachableByFlows(source).p

def headersink = cpg.call.code(taintHeaderSinkPattern)
headersink.reachableByFlows(source).p

def dbsink = cpg.call.code(taintDBSinkPattern)
dbsink.reachableByFlows(source).p
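The script above selects sources and sinks purely by matching a regex against the code of each CALL node, so it helps to see what the patterns do and do not catch before reading the flows. The following is an added example, not code from the gist or from joern: a JavaScript port of the three patterns (Java's `(?s)(?i)` become the `/s` and `/i` flags, and the `.*` on both sides reproduces joern's whole-string match) applied to constructed call-site strings. The sample strings are shaped like Express handler statements and are illustrations, not lines taken from NodeGoat; `classify`, `classifyAll` and `dbSinkHitRate` are names chosen here.

```javascript
// Added example, not part of the gist: JavaScript port of the gist's regexes,
// applied to constructed call-site strings the way joern's cpg.call.code(regex)
// matches a regex against the full .code of each CALL node.

const requestPattern =
  "req\\.(originalUrl|path|protocol|route|secure|signedCookies|stale|subdomains|xhr|app|pipe|file|files|baseUrl|fresh|hostname|ip|url|ips|method|body|param|params|query|cookies)";
const responsePattern =
  "res\\.(append|attachment|cookie|clearCookie|download|end|format|get|json|jsonp|links|location|redirect|render|send|sendFile|sendStatus|set|status|type|vary)";

// Java's (?s)(?i) -> /s (dot matches newlines) and /i (case-insensitive).
const PATTERNS = {
  source: new RegExp("^.*" + requestPattern + ".*$", "is"),
  xssSink: new RegExp("^.*" + responsePattern + ".*$", "is"),
  headerSink: /^.*res\.(set|writeHead|setHeader).*$/is,
  dbSink: /^.*(db|dao|mongo|mongoclient).*$/is,
};

// Return the roles (source, xssSink, headerSink, dbSink) a call's code would be
// assigned under the gist's definitions; an empty list means neither source nor sink.
function classify(code) {
  return Object.keys(PATTERNS).filter((role) => PATTERNS[role].test(code));
}

// Constructed sample call codes, shaped like Express handler statements
// (illustrations, not lines taken from NodeGoat).
const SAMPLES = [
  'req.query.username',                     // taint source
  'res.send("<h1>" + name + "</h1>")',      // XSS sink
  'res.set("X-User", userName)',            // both XSS sink and header sink
  'db.collection("users").insertOne(doc)',  // DB sink
  'console.log("feedback")',                // DB sink false positive: "feedback" contains "db"
  'JSON.stringify(payload)',                // nothing
];

// Map every sample to its roles.
function classifyAll(samples = SAMPLES) {
  return samples.map((code) => ({ code, roles: classify(code) }));
}

// Share of samples the substring-based DB pattern flags; a high value means the
// pattern is broad and its flows need manual triage.
function dbSinkHitRate(samples = SAMPLES) {
  const hits = samples.filter((code) => PATTERNS.dbSink.test(code)).length;
  return hits / samples.length;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const { code, roles } of classifyAll()) {
    console.log(`${code.padEnd(42)} -> ${roles.length ? roles.join(", ") : "(none)"}`);
  }
}
```

Run it with `node` to see the classification table. Two things stand out: `res.set(...)` lands in both the XSS and the header sink sets, so a flow into it will be printed twice, and the `(db|dao|mongo|mongoclient)` sink is a bare substring match, so any identifier or string literal containing `db` (here `"feedback"`) becomes a sink; a tighter pattern such as anchoring on the receiver name cuts that noise.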
Author prabhu commented Dec 23, 2022