hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

better callgraph support for global variables

Browse Source
This commit is contained in:
erik-krogh
2023-03-22 13:49:33 +01:00
parent 663d4e8e3b
commit 2bba9057a0
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
View File

@@ -159,6 +159,11 @@ nodes
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:154:25:154:27 | msg |
| xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() |
edges
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
@@ -263,6 +268,10 @@ edges
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
#select
| forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
| forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
@@ -307,3 +316,4 @@ edges
| xss-through-dom.js:140:19:140:21 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:140:19:140:21 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:141:25:141:27 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:141:25:141:27 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:150:24:150:26 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:150:24:150:26 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:155:27:155:29 | msg | xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:155:27:155:29 | msg | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:159:34:159:52 | $("textarea").val() | DOM text |

11
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js
View File

@@ -148,4 +148,15 @@ const cashDom = require("cash-dom");
cashDom("#id").html(DOMPurify ? DOMPurify.sanitize(src) : src); // OK
$("<a />", { html: src }).appendTo("#id"); // NOT OK
function foo() {
window.VeryUniqueXssTestName = {
send: function (msg) {
$("#id").html(msg); // NOT OK
},
};
VeryUniqueXssTestName.send($("textarea").val());
}
foo()
})();