hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3686 from esbena/js/insecure-http-options

Browse Source 
JS: add query js/disabling-certificate-validation
This commit is contained in:
Esben Sparre Andreasen
2020-06-12 08:40:12 +02:00
committed by GitHub
parent 5c2f1169d0 2e059376fd
commit 1bdae109c5
5 changed files with 142 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-295/DisablingCertificateValidation.expected Normal file
View File

@@ -0,0 +1,9 @@
| tst.js:15:3:15:27 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
| tst.js:18:1:18:40 | process ... HORIZED | Disabling certificate validation is strongly discouraged. |
| tst.js:21:3:21:27 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
| tst.js:25:3:25:27 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
| tst.js:29:3:29:27 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
| tst.js:34:3:34:27 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
| tst.js:39:2:39:29 | rejectU ... ndirect | Disabling certificate validation is strongly discouraged. |
| tst.js:45:2:45:28 | rejectU ... !!false | Disabling certificate validation is strongly discouraged. |
| tst.js:48:2:48:26 | rejectU ... : !true | Disabling certificate validation is strongly discouraged. |

1
javascript/ql/test/query-tests/Security/CWE-295/DisablingCertificateValidation.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-295/DisablingCertificateValidation.ql

70
javascript/ql/test/query-tests/Security/CWE-295/tst.js Normal file
View File

@@ -0,0 +1,70 @@
let https = require("https"),
tls = require("tls");
new https.Agent(); // OK
new https.Agent({
rejectUnauthorized: true // OK
});
unknownCall({
rejectUnauthorized: false // OK (but probably unsafe after all)
});
new https.Agent({
rejectUnauthorized: false // NOT OK
});
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; // NOT OK
https.get({
rejectUnauthorized: false // NOT OK
});
new tls.TLSSocket(socket, {
rejectUnauthorized: false // NOT OK
});
tls.connect({
rejectUnauthorized: false // NOT OK
});
let socket = new tls.TLSSocket();
socket.renegotiate({
rejectUnauthorized: false // NOT OK
});
let indirect = false;
new https.Agent({
rejectUnauthorized: indirect // NOT OK
});
new https.Agent({
rejectUnauthorized: !false // OK
});
new https.Agent({
rejectUnauthorized: !!false // NOT OK
});
new https.Agent({
rejectUnauthorized: !true // NOT OK
});
new https.Agent({
rejectUnauthorized: !!true // OK
});
new https.Agent({
rejectUnauthorized: unknown() // OK
});
new https.Agent({
rejectUnauthorized: !getOptions().selfSignedSSL // OK
});
new https.Agent({
rejectUnauthorized: getOptions().rejectUnauthorized // OK
});
new https.Agent({
rejectUnauthorized: !!getOptions().rejectUnauthorized // OK
});
new https.Agent({
rejectUnauthorized: getOptions() == null ? true : getOptions().verifySsl // OK
});
new https.Agent({
rejectUnauthorized: typeof getOptions().rejectUnauthorized === 'boolean' ? getOptions().rejectUnauthorized : undefined // OK
});