Add Tanstack framework support and enhance data flow tracking for fetch responses

This commit is contained in:
Napalys
2025-02-21 12:55:33 +01:00
committed by Napalys Klicius
parent 05690c21ed
commit 1227a7eedc
6 changed files with 75 additions and 2 deletions


@@ -1,4 +1,24 @@
#select
| test.jsx:25:29:25:32 | data | test.jsx:5:28:5:63 | fetch(" ... ntent") | test.jsx:25:29:25:32 | data | Cross-site scripting vulnerability due to $@. | test.jsx:5:28:5:63 | fetch(" ... ntent") | user-provided value |
edges
| test.jsx:5:11:5:63 | response | test.jsx:6:24:6:31 | response | provenance | |
| test.jsx:5:22:5:63 | await f ... ntent") | test.jsx:5:11:5:63 | response | provenance | |
| test.jsx:5:28:5:63 | fetch(" ... ntent") | test.jsx:5:22:5:63 | await f ... ntent") | provenance | |
| test.jsx:6:11:6:38 | data | test.jsx:7:12:7:15 | data | provenance | |
| test.jsx:6:18:6:38 | await r ... .json() | test.jsx:6:11:6:38 | data | provenance | |
| test.jsx:6:24:6:31 | response | test.jsx:6:24:6:38 | response.json() | provenance | |
| test.jsx:6:24:6:38 | response.json() | test.jsx:6:18:6:38 | await r ... .json() | provenance | |
| test.jsx:7:12:7:15 | data | test.jsx:11:11:15:5 | data | provenance | |
| test.jsx:11:11:15:5 | data | test.jsx:25:29:25:32 | data | provenance | |
nodes
| test.jsx:5:11:5:63 | response | semmle.label | response |
| test.jsx:5:22:5:63 | await f ... ntent") | semmle.label | await f ... ntent") |
| test.jsx:5:28:5:63 | fetch(" ... ntent") | semmle.label | fetch(" ... ntent") |
| test.jsx:6:11:6:38 | data | semmle.label | data |
| test.jsx:6:18:6:38 | await r ... .json() | semmle.label | await r ... .json() |
| test.jsx:6:24:6:31 | response | semmle.label | response |
| test.jsx:6:24:6:38 | response.json() | semmle.label | response.json() |
| test.jsx:7:12:7:15 | data | semmle.label | data |
| test.jsx:11:11:15:5 | data | semmle.label | data |
| test.jsx:25:29:25:32 | data | semmle.label | data |
subpaths


@@ -2,7 +2,7 @@ import React from "react";
import { useQuery } from "@tanstack/react-query";
const fetchContent = async () => {
const response = await fetch("https://example.com/content"); // $ MISSING: Source[js/xss]
const response = await fetch("https://example.com/content"); // $ Source[js/xss]
const data = await response.json();
return data;
};
@@ -22,7 +22,7 @@ const ContentWithDangerousHtml = () => {
<h1>Content with Dangerous HTML</h1>
<div
dangerouslySetInnerHTML={{
__html: data, // $ MISSING: Alert[js/xss]
__html: data, // $ Alert[js/xss]
}}
/>
</div>
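Review bot: The only body read this test exercises on the fetch response is `await response.json()` (the line after the updated `fetch(...)` annotation), so the new expected results say nothing about whether the added flow tracking also covers `response.text()` or the other `Response` body readers. A second query function in the same file that reads `await response.text()` and feeds it to `dangerouslySetInnerHTML`, annotated with `// $ Source[js/xss]` and `// $ Alert[js/xss]` in the same way, would pin that behaviour in the .expected file rather than leaving it implied. `fetchContent` is fully visible in the first hunk, but `ContentWithDangerousHtml` starts and ends outside the second hunk, so the remaining `data` flow into the component is not visible here.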