JS: add window.name as DOM-based remote flow source

2026-04-30 19:26:02 +02:00 · 2018-11-30 11:06:43 +00:00
parent a4b3b1e8c8
commit 14621760bb
1 changed files with 15 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/DOM.qll
@@ -199,4 +199,18 @@ private class PostMessageEventParameter extends RemoteFlowSource {
  override string getSourceType() {
    result = "postMessage event"
  }
-}
+}
+
+/**
+ * An access to `window.name`, which can be controlled by the opener of the window,
+ * even if the window is opened from a foreign domain.
+ */
+private class WindowNameAccess extends RemoteFlowSource {
+  WindowNameAccess() {
+    this = DataFlow::globalVarRef("name")
+  }
+
+  override string getSourceType() {
+    result = "Window name"
+  }
+}