JavaScript: Add new query DoubleEscaping.

This commit is contained in:
Max Schaefer
2018-11-26 17:17:50 +00:00
parent 1c5322274a
commit 10166be535
12 changed files with 332 additions and 3 deletions


@@ -0,0 +1,6 @@
| tst.js:2:10:4:33 | s.repla ... &") | This replacement may double-escape '&' characters from $@. | tst.js:2:10:3:34 | s.repla ... apos;") | here |
| tst.js:20:10:20:33 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:20:10:21:35 | s.repla ... , "\\"") | here |
| tst.js:30:10:30:33 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:30:10:32:34 | s.repla ... g, "'") | here |
| tst.js:47:7:47:30 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:48:7:48:32 | s.repla ... , "\\"") | here |
| tst.js:53:10:53:33 | s.repla ... , '\\\\') | This replacement may produce '\\' characters that are double-unescaped $@. | tst.js:53:10:54:33 | s.repla ... , '\\'') | here |
| tst.js:60:7:60:28 | s.repla ... '%25') | This replacement may double-escape '%' characters from $@. | tst.js:59:7:59:28 | s.repla ... '%26') | here |


@@ -0,0 +1 @@
Security/CWE-116/DoubleEscaping.ql


@@ -0,0 +1,62 @@
function badEncode(s) {
return s.replace(/"/g, """)
.replace(/'/g, "'")
.replace(/&/g, "&");
}
function goodEncode(s) {
return s.replace(/&/g, "&")
.replace(/"/g, """)
.replace(/'/g, "'");
}
function goodDecode(s) {
return s.replace(/"/g, "\"")
.replace(/'/g, "'")
.replace(/&/g, "&");
}
function badDecode(s) {
return s.replace(/&/g, "&")
.replace(/"/g, "\"")
.replace(/'/g, "'");
}
function cleverEncode(code) {
return code.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&(?![\w\#]+;)/g, '&amp;');
}
function badDecode2(s) {
return s.replace(/&amp;/g, "&")
.replace(/s?ome|thin*g/g, "else")
.replace(/&apos;/g, "'");
}
function goodDecodeInLoop(ss) {
var res = [];
for (var s of ss) {
s = s.replace(/&quot;/g, "\"")
.replace(/&apos;/g, "'")
.replace(/&amp;/g, "&");
res.push(s);
}
return res;
}
function badDecode3(s) {
s = s.replace(/&amp;/g, "&");
s = s.replace(/&quot;/g, "\"");
return s.replace(/&apos;/g, "'");
}
function badUnescape(s) {
return s.replace(/\\\\/g, '\\')
.replace(/\\'/g, '\'')
.replace(/\\"/g, '\"');
}
function badPercentEscape(s) {
s = s.replace(/&/g, '%26');
s = s.replace(/%/g, '%25');
return s;
}
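Review bot: The test file has a non-flagged counterpart only for the HTML-entity cases (goodEncode, goodDecode, goodDecodeInLoop); badUnescape and badPercentEscape at the end of the file have none, so nothing in the suite shows the query staying silent when `%` is escaped before `&` or when the `\\\\` unescape comes last. I would add the two functions below, with the replacements in the safe order, and keep them out of the `.expected` file so the absence of a result is what is being checked. As rendered here the replacement strings look entity-decoded (`"""` in badEncode is not valid JavaScript), so I assume the committed file reads `"&quot;"`, `"&apos;"` and `"&amp;"`, and the fence follows that. A further case worth pinning is the string-pattern form `s.replace("&", "&amp;")`, which rewrites only the first occurrence; whether the query treats it like the `/&/g` form is not visible from this commit.
```javascript
// … unchanged: badEncode … badPercentEscape …
function goodUnescape(s) {
  return s.replace(/\\'/g, '\'')
          .replace(/\\"/g, '\"')
          .replace(/\\\\/g, '\\');
}
function goodPercentEscape(s) {
  s = s.replace(/%/g, '%25');
  s = s.replace(/&/g, '%26');
  return s;
}
```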