hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize hostname if there is a slash and a previous component

Browse Source
This commit is contained in:
Sauyon Lee
2020-04-02 00:58:09 -07:00
parent 4b3982154a
commit 4e5b17e18d
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ql/src/semmle/go/security/UrlConcatenation.qll
View File

@@ -55,6 +55,9 @@ private predicate concatenationHasHostnameSanitizingSubstring(StringOps::Concate
exists(StringOps::ConcatenationLeaf lf | lf = cat.getALeaf() |
lf.getStringValue().regexpMatch(".*([?#]|[^?#:/\\\\][/\\\\]).*|[/\\\\][^/\\\\].*")
or
lf.getStringValue() = "/" and
exists(lf.getPreviousLeaf())
or
hasHostnameSanitizingSubstring(lf.asNode())
)
}