hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall()

Browse Source
This commit is contained in:
erik-krogh
2025-01-21 09:43:57 +01:00
parent d5529e3a7e
commit 17afab7d0f
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
View File

@@ -49,9 +49,20 @@ class IndexOfCall extends DataFlow::MethodCallNode {
exists(DataFlow::Node recv, string m |
this.receiverAndMethodName(recv, m) and result.receiverAndMethodName(recv, m)
|
// both directly reference the same value
result.getArgument(0).getALocalSource() = this.getArgument(0).getALocalSource()
or
// both use the same string literal
result.getArgument(0).getStringValue() = this.getArgument(0).getStringValue()
or
// both use the same concatenation of a string and a value
exists(Expr origin, StringLiteral str, AddExpr otherAdd |
this.getArgument(0).asExpr().(AddExpr).hasOperands(origin, str) and
otherAdd = result.getArgument(0).asExpr().(AddExpr)
|
otherAdd.getAnOperand().(StringLiteral).getStringValue() = str.getStringValue() and
otherAdd.getAnOperand().flow().getALocalSource() = origin.flow().getALocalSource()
)
)
}

1
javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.expected
View File

@@ -9,4 +9,3 @@
| tst.js:67:32:67:71 | x.index ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:76:25:76:57 | index = ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:80:10:80:57 | x.index ... th + 1) | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:110:65:110:164 | trusted ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |

2
javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js
View File

@@ -107,5 +107,5 @@ function sameCheck(allowedOrigin) {
function sameConcatenation(allowedOrigin) {
const trustedAuthority = "example.com";
return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK - but currently failing
return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK
}