JavaScript: Recognise wrapped chains of replacements.

2026-05-03 04:39:29 +02:00 · 2019-10-30 13:02:59 +00:00
parent 02d16b1dc9
commit 5349e0f881
3 changed files with 18 additions and 2 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected
@@ -9,3 +9,4 @@
 | tst.js:86:10:86:22 | JSON.parse(s) | This replacement may produce '\\' characters that are double-unescaped $@. | tst.js:86:10:86:47 | JSON.pa ... g, "<") | here |
 | tst.js:99:10:99:66 | s.repla ... &amp;") | This replacement may double-escape '&' characters from $@. | tst.js:99:10:99:43 | s.repla ... epl[c]) | here |
 | tst.js:107:10:107:53 | encodeD ... &amp;") | This replacement may double-escape '&' characters from $@. | tst.js:107:10:107:30 | encodeD ... otes(s) | here |
+| tst.js:115:10:115:47 | encodeQ ... &amp;") | This replacement may double-escape '&' characters from $@. | tst.js:115:10:115:24 | encodeQuotes(s) | here |
--- a/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/tst.js
@@ -106,3 +106,11 @@ function encodeDoubleQuotes(s) {
 function badWrappedEncode(s) {
  return encodeDoubleQuotes(s).replace(/&/g, "&amp;");
 }
+
+function encodeQuotes(s) {
+  return s.replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+
+function badWrappedEncode2(s) {
+  return encodeQuotes(s).replace(/&/g, "&amp;");
+}