hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

add setAttributeNS('xlink', 'href',..) example in XSS test

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-09-09 09:41:08 +01:00
parent c780956f0d
commit 2729566bbf
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
View File

@@ -60,8 +60,10 @@ nodes
| tst3.js:5:26:5:31 | data.p |
| tst3.js:7:32:7:35 | data |
| tst3.js:7:32:7:37 | data.p |
| tst3.js:9:38:9:41 | data |
| tst3.js:9:38:9:43 | data.p |
| tst3.js:9:37:9:40 | data |
| tst3.js:9:37:9:42 | data.p |
| tst3.js:10:38:10:41 | data |
| tst3.js:10:38:10:43 | data.p |
| tst.js:2:7:2:39 | target |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:39 | documen ... .search |
@@ -231,7 +233,8 @@ edges
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:38:9:41 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data |
| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
@@ -239,7 +242,8 @@ edges
| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p |
| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p |
| tst3.js:9:38:9:41 | data | tst3.js:9:38:9:43 | data.p |
| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p |
| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p |
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
| tst.js:2:7:2:39 | target | tst.js:23:42:23:47 | target |
@@ -370,7 +374,8 @@ edges
| tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:56 | window.location | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst3.js:7:32:7:37 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:7:32:7:37 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst3.js:9:38:9:43 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:9:38:9:43 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst3.js:9:37:9:42 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:9:37:9:42 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst3.js:10:38:10:43 | data.p | tst3.js:2:42:2:56 | window.location | tst3.js:10:38:10:43 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:56 | window.location | user-provided value |
| tst.js:5:18:5:23 | target | tst.js:2:16:2:32 | document.location | tst.js:5:18:5:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:32 | document.location | user-provided value |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" | tst.js:8:37:8:53 | document.location | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | Cross-site scripting vulnerability due to $@. | tst.js:8:37:8:53 | document.location | user-provided value |
| tst.js:12:5:12:42 | '<div s ... 'px">' | tst.js:2:16:2:32 | document.location | tst.js:12:5:12:42 | '<div s ... 'px">' | Cross-site scripting vulnerability due to $@. | tst.js:2:16:2:32 | document.location | user-provided value |

1
javascript/ql/test/query-tests/Security/CWE-079/tst3.js
View File

@@ -6,6 +6,7 @@ foo.setAttribute("HREF", data.p); // NOT OK
foo.setAttribute("width", data.w); // OK
foo.setAttribute("xlink:href", data.p) // NOT OK
foo.setAttributeNS('xlink', 'href', data.p); // NOT OK
foo.setAttributeNS('foobar', 'href', data.p); // NOT OK
foo.setAttributeNS('baz', 'width', data.w); // OK