JS: Recognize more forms of scheme checks

Asger Feldthaus
2020-04-01 14:03:03 +01:00
parent 5034d40e64
commit 2c6beadf68
4 changed files with 108 additions and 9 deletions


@@ -1 +1,5 @@
| IncompleteUrlSchemeCheck.js:3:9:3:35 | u.start ... ript:") | This check does not consider data: and vbscript:. |
| IncompleteUrlSchemeCheck.js:5:9:5:35 | u.start ... ript:") | This check does not consider data: and vbscript:. |
| IncompleteUrlSchemeCheck.js:16:9:16:39 | badProt ... otocol) | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:23:9:23:43 | badProt ... scheme) | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:30:9:30:43 | badProt ... scheme) | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:37:9:37:31 | scheme ... script" | This check does not consider data: and vbscript:. |


@@ -1,6 +1,47 @@
import * as dummy from 'dummy';
function sanitizeUrl(url) {
let u = decodeURI(url).trim().toLowerCase();
if (u.startsWith("javascript:"))
if (u.startsWith("javascript:")) // NOT OK
return "about:blank";
return url;
}
let badProtocols = ['javascript:', 'data:'];
let badProtocolNoColon = ['javascript', 'data'];
let badProtocolsGood = ['javascript:', 'data:', 'vbscript:'];
function test2(url) {
let protocol = new URL(url).protocol;
if (badProtocols.includes(protocol)) // NOT OK
return "about:blank";
return url;
}
function test3(url) {
let scheme = goog.uri.utils.getScheme(url);
if (badProtocolNoColon.includes(scheme)) // NOT OK
return "about:blank";
return url;
}
function test4(url) {
let scheme = url.split(':')[0];
if (badProtocolNoColon.includes(scheme)) // NOT OK
return "about:blank";
return url;
}
function test5(url) {
let scheme = url.split(':')[0];
if (scheme === "javascript") // NOT OK
return "about:blank";
return url;
}
function test6(url) {
let protocol = new URL(url).protocol;
if (badProtocolsGood.includes(protocol)) // OK
return "about:blank";
return url;
}
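Review bot: The new fixtures cover the colon-less scheme forms (`getScheme`, `split(':')[0]`, `=== "javascript"`) only as NOT OK cases; the sole OK case, test6, uses the `new URL(url).protocol` form with `badProtocolsGood`, so a regression that makes the query flag a complete colon-less list would go unnoticed. A complete-list fixture for the colon-less form, say `badProtocolNoColonGood = ['javascript', 'data', 'vbscript']` used from a `test7` that extracts the scheme with `url.split(':')[0]`, would pin the negative side of the new recognition. Presumably an OK case adds no row to the expected-output file in the first section, so that file should stay as committed — worth confirming when the test is run.
```javascript
let badProtocolNoColonGood = ['javascript', 'data', 'vbscript'];

// … unchanged: sanitizeUrl, test2 … test6 …

function test7(url) {
  let scheme = url.split(':')[0];
  if (badProtocolNoColonGood.includes(scheme)) // OK
    return "about:blank";
  return url;
}
```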