add test for string replacement chains of URL schemes

2026-05-03 04:39:29 +02:00 · 2022-03-18 11:05:59 +01:00
parent 235aa9c24e
commit 693c77f3df
2 changed files with 25 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.expected
@@ -11,3 +11,5 @@
 | IncompleteUrlSchemeCheck.js:87:7:87:40 | /^(java ... scheme) | This check does not consider vbscript:. |
 | IncompleteUrlSchemeCheck.js:94:10:94:15 | scheme | This check does not consider vbscript:. |
 | IncompleteUrlSchemeCheck.js:104:6:104:39 | /^(java ... scheme) | This check does not consider vbscript:. |
+| IncompleteUrlSchemeCheck.js:110:12:112:29 | url  // ... :/, "") | This check does not consider vbscript:. |
+| IncompleteUrlSchemeCheck.js:124:11:124:34 | url.rep ... :/, "") | This check does not consider vbscript:. |
--- a/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js
+++ b/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js
@@ -105,3 +105,26 @@ function test14(url) {
        return "about:blank";
    return url;
 }
+
+function chain1(url) {
+    return url  // NOT OK
+        .replace(/javascript:/, "")
+        .replace(/data:/, "");
+}
+
+function chain2(url) {
+    return url  // OK
+        .replace(/javascript:/, "")
+        .replace(/data:/, "")
+        .replace(/vbscript:/, "");
+}
+
+function chain3(url) {
+    url = url.replace(/javascript:/, "")
+    url = url.replace(/data:/, ""); // NOT OK
+    return url;
+}
+
+function chain4(url) {
+    return url.replace(/(javascript|data):/, ""); // NOT OK - but not flagged [INCONSISTENCY]
+}