JS: use ports to sharpen js/incomplete-url-substring-sanitization

This commit is contained in:
Esben Sparre Andreasen
2019-01-30 10:18:00 +01:00
parent 83e2689645
commit 321b3f1ab5


@@ -51,7 +51,7 @@ where
name = "endsWith" and name = "endsWith" and
target.regexpMatch("(?i)\\.([a-z0-9-]+)(\\.[a-z0-9-]+)+") target.regexpMatch("(?i)\\.([a-z0-9-]+)(\\.[a-z0-9-]+)+")
or or
// the trailing slash makes the prefix-check safe // the trailing port or slash makes the prefix-check safe
( (
name = "startsWith" name = "startsWith"
or or
@@ -61,6 +61,6 @@ where
n.getIntValue() = 0 n.getIntValue() = 0
) )
) and ) and
target.regexpMatch(".*/") target.regexpMatch(".*(:[0-9]+|/)")
) )
select call, "'$@' may be at an arbitrary position in the sanitized URL.", substring, target select call, "'$@' may be at an arbitrary position in the sanitized URL.", substring, target
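Review bot: The new `:[0-9]+` alternative in `target.regexpMatch(".*(:[0-9]+|/)")` treats a trailing port like a trailing slash, but in the RFC 3986 authority grammar (`[userinfo "@"] host [":" port]`) a port does not terminate the authority the way `/` does: a target ending in `host:80` is still a prefix of a URL for the same host on port `8080`, and the whole `host:port` prefix can be re-read as the userinfo component when an `@` follows, so a `startsWith` check against such a target is not a complete sanitizer and the query now stops flagging it. If this is a deliberate precision trade-off (fewer false positives on targets with an explicit port), the comment changed in the first hunk should say so instead of calling the check safe, e.g. `// a trailing slash makes the prefix-check safe; a trailing port is accepted as a precision trade-off, since the authority may continue past the port`. Otherwise the slash-only `.*/` is the form that keeps the original guarantee. The enclosing `where` clause starts outside the hunk.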