hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

remove deep taint of objects

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-11-19 15:50:50 +01:00
parent c2b48eb546
commit 1ba777a45d
3 changed files with 1 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
View File

@@ -78,9 +78,6 @@ module ExceptionXss {
or
// All the usual taint-flow steps apply on data-flow before it has been thrown in an exception.
this.isAdditionalFlowStep(pred, succ) and inlbl instanceof NotYetThrown and outlbl instanceof NotYetThrown
or
// We taint an object deep if it happens before an exception has been thrown.
inlbl instanceof NotYetThrown and outlbl instanceof NotYetThrown and exists(DataFlow::PropWrite write | write.getRhs() = pred and write.getBase() = succ)
}
}
}

11
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
View File

@@ -16,11 +16,6 @@ nodes
| exception-xss.js:22:10:22:10 | e |
| exception-xss.js:23:18:23:18 | e |
| exception-xss.js:23:18:23:18 | e |
| exception-xss.js:27:11:27:21 | {prop: foo} |
| exception-xss.js:27:18:27:20 | foo |
| exception-xss.js:28:10:28:10 | e |
| exception-xss.js:29:18:29:18 | e |
| exception-xss.js:29:18:29:18 | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] |
| exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:34:10:34:10 | e |
@@ -61,7 +56,6 @@ edges
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:9:11:9:13 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:15:9:15:11 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:21:11:21:13 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:27:18:27:20 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:81:16:81:18 | foo |
@@ -81,10 +75,6 @@ edges
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:10:22:10 | e |
| exception-xss.js:22:10:22:10 | e | exception-xss.js:23:18:23:18 | e |
| exception-xss.js:22:10:22:10 | e | exception-xss.js:23:18:23:18 | e |
| exception-xss.js:27:11:27:21 | {prop: foo} | exception-xss.js:28:10:28:10 | e |
| exception-xss.js:27:18:27:20 | foo | exception-xss.js:27:11:27:21 | {prop: foo} |
| exception-xss.js:28:10:28:10 | e | exception-xss.js:29:18:29:18 | e |
| exception-xss.js:28:10:28:10 | e | exception-xss.js:29:18:29:18 | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:10:34:10 | e |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] |
| exception-xss.js:34:10:34:10 | e | exception-xss.js:35:18:35:18 | e |
@@ -118,7 +108,6 @@ edges
| exception-xss.js:11:18:11:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:11:18:11:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:17:18:17:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:17:18:17:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:23:18:23:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:23:18:23:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:29:18:29:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:29:18:29:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:35:18:35:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:35:18:35:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:48:18:48:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:48:18:48:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
| exception-xss.js:83:18:83:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:83:18:83:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |

2
javascript/ql/test/query-tests/Security/CWE-079/exception-xss.js
View File

@@ -26,7 +26,7 @@
try {
unknown({prop: foo});
} catch(e) {
$('myId').html(e); // NOT OK!
$('myId').html(e); // We don't flag this for now.
}
try {