hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

add test case for XSS on url suffix

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-03-27 10:02:24 +01:00
parent d3e1a258fa
commit 58af63d8cc
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
View File

@@ -337,6 +337,10 @@ nodes
| tst.js:330:18:330:34 | document.location |
| tst.js:336:18:336:35 | params.get('name') |
| tst.js:336:18:336:35 | params.get('name') |
| tst.js:347:20:347:36 | document.location |
| tst.js:347:20:347:36 | document.location |
| tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:349:5:349:30 | getUrl( ... ring(1) |
| typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:38 | document.location |
| typeahead.js:20:22:20:38 | document.location |
@@ -650,6 +654,10 @@ edges
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
@@ -750,6 +758,7 @@ edges
| tst.js:314:20:314:20 | e | tst.js:311:10:311:17 | location | tst.js:314:20:314:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:311:10:311:17 | location | user-provided value |
| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:319:35:319:42 | location | user-provided value |
| tst.js:336:18:336:35 | params.get('name') | tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:330:18:330:34 | document.location | user-provided value |
| tst.js:349:5:349:30 | getUrl( ... ring(1) | tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) | Cross-site scripting vulnerability due to $@. | tst.js:347:20:347:36 | document.location | user-provided value |
| typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:38 | document.location | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:38 | document.location | user-provided value |
| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
| winjs.js:3:43:3:49 | tainted | winjs.js:2:17:2:33 | document.location | winjs.js:3:43:3:49 | tainted | Cross-site scripting vulnerability due to $@. | winjs.js:2:17:2:33 | document.location | user-provided value |

8
javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
View File

@@ -337,6 +337,10 @@ nodes
| tst.js:330:18:330:34 | document.location |
| tst.js:336:18:336:35 | params.get('name') |
| tst.js:336:18:336:35 | params.get('name') |
| tst.js:347:20:347:36 | document.location |
| tst.js:347:20:347:36 | document.location |
| tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:349:5:349:30 | getUrl( ... ring(1) |
| typeahead.js:9:28:9:30 | loc |
| typeahead.js:9:28:9:30 | loc |
| typeahead.js:10:16:10:18 | loc |
@@ -654,6 +658,10 @@ edges
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |

9
javascript/ql/test/query-tests/Security/CWE-079/tst.js
View File

@@ -339,4 +339,13 @@ function URLPseudoProperties() {
let myUrl = getTaintedUrl();
$('name').html(myUrl.get('name'));
}
function hash() {
function getUrl() {
return new URL(document.location);
}
$(getUrl().hash.substring(1)); // NOT OK
}