Add hardwareConcurrency codeQL

dgirardi · Jul 31, 2024 · 7ff0e44 · 7ff0e44
1 parent be37440
commit 7ff0e44
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -2,3 +2,6 @@ paths:
   - src
   - modules
   - libraries
+queries:
+  - name: Prebid queries
+    uses: ./.github/codeql/queries
diff --git a/.github/codeql/queries/hardwareConcurrency.ql b/.github/codeql/queries/hardwareConcurrency.ql
@@ -0,0 +1,15 @@
+/**
+ * @id prebid/hardware-concurrency
+ * @name hardwareConcurrency
+ * @kind problem
+ * @problem.severity warning
+ * @description Finds uses of hardwareConcurrency
+ */
+
+import javascript
+
+from DataFlow::SourceNode nav
+where
+  nav = DataFlow::globalVarRef("navigator") or
+  nav = DataFlow::globalVarRef("top").getAPropertyRead("navigator")
+select nav.getAPropertyRead("hardwareConcurrency"), "hardwareConcurrency is an indicator of fingerprinting"
diff --git a/.github/codeql/queries/qlpack.yml b/.github/codeql/queries/qlpack.yml
@@ -0,0 +1,8 @@
+---
+library: false
+warnOnImplicitThis: false
+name: queries
+version: 0.0.1
+dependencies:
+  codeql/javascript-all: ^1.1.1
+  codeql/javascript-queries: ^1.1.0