hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4776 from asgerf/js/electron-openshell

Browse Source 
Approved by erik-krogh
This commit is contained in:
CodeQL CI
2020-12-04 09:12:44 +00:00
committed by GitHub
parent 22dbaf28ab 20d9848f07
commit 0f5f0ed99e
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
View File

@@ -1,4 +1,8 @@
nodes
| electron.js:4:12:4:22 | window.name |
| electron.js:4:12:4:22 | window.name |
| electron.js:7:20:7:29 | getTaint() |
| electron.js:7:20:7:29 | getTaint() |
| sanitizer.js:2:9:2:25 | url |
| sanitizer.js:2:15:2:25 | window.name |
| sanitizer.js:2:15:2:25 | window.name |
@@ -181,6 +185,10 @@ nodes
| typed.ts:29:33:29:43 | redirectUri |
| typed.ts:29:33:29:43 | redirectUri |
edges
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url |
@@ -349,6 +357,7 @@ edges
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
#select
| electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection due to $@. | electron.js:4:12:4:22 | window.name | user-provided value |
| sanitizer.js:4:27:4:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:4:27:4:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:16:27:16:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:16:27:16:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:19:27:19:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:19:27:19:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |

7
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/electron.js Normal file
View File

@@ -0,0 +1,7 @@
import { shell } from 'electron';
function getTaint() {
return window.name;
}
shell.openExternal(getTaint());