JS: Fix a bug in isSafeClientSideUrlProperty

Asger F
2024-09-11 15:09:03 +02:00
parent bc04131c72
commit 2712bf821a
2 changed files with 2 additions and 2 deletions


@@ -255,7 +255,7 @@ module TaintTracking {
exists(StringSplitCall c |
c.getBaseString().getALocalSource() =
[DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")] and
c.getSeparator() = "?" and
c.getSeparator() = ["?", "#"] and
read = c.getAPropertyRead("0")
)
}
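Review bot: Accepting `"#"` on the `c.getSeparator() = ["?", "#"]` line marks `location.href.split('#')[0]` as a safe read, but unlike the `?` case that element still contains the query string, which the page visitor does not control but whoever crafted the link does. The test expectation in this same commit records the gap as `MISSING: flow=tainted-url-suffix` for `href.split('#')[0]`, so the spurious full-taint flow is gone but the suffix label is still dropped. I would add a comment above the `exists`, for example `// split('#')[0] still includes the query string; the tainted-url-suffix label should survive this read (see the MISSING test annotation)`, so the limitation is visible to anyone relying on this predicate as a sanitizer. The predicate's head and any other disjuncts sit outside the hunk, so whether another branch already handles this cannot be confirmed from here.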

View File

@@ -5,7 +5,7 @@ function t1() {
sink(href); // $ flow=tainted-url-suffix
sink(href.split('#')[0]); // $ MISSING: flow=tainted-url-suffix SPURIOUS: flow=taint
sink(href.split('#')[0]); // $ MISSING: flow=tainted-url-suffix
sink(href.split('#')[1]); // $ flow=taint
sink(href.split('#').pop()); // $ flow=taint
sink(href.split('#')[2]); // $ flow=taint