hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6002 from erik-krogh/history

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2021-06-08 13:17:38 -07:00
committed by GitHub
parent a02f96d660 b1d7c61d8e
commit 6bdd7df810
6 changed files with 125 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
View File

@@ -129,6 +129,24 @@ nodes
| tst13.js:52:34:52:34 | e |
| tst13.js:53:28:53:28 | e |
| tst13.js:53:28:53:28 | e |
| tst13.js:59:9:59:52 | payload |
| tst13.js:59:19:59:42 | documen ... .search |
| tst13.js:59:19:59:42 | documen ... .search |
| tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:61:18:61:24 | payload |
| tst13.js:61:18:61:24 | payload |
| tst13.js:65:9:65:49 | payload |
| tst13.js:65:19:65:39 | history ... on.hash |
| tst13.js:65:19:65:39 | history ... on.hash |
| tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:67:21:67:27 | payload |
| tst13.js:67:21:67:27 | payload |
| tst13.js:72:9:72:49 | payload |
| tst13.js:72:19:72:39 | history ... on.hash |
| tst13.js:72:19:72:39 | history ... on.hash |
| tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:74:21:74:27 | payload |
| tst13.js:74:21:74:27 | payload |
| tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
@@ -306,6 +324,21 @@ edges
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload |
| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload |
| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload |
| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload |
| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload |
| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload |
| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload |
| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload |
| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
@@ -397,6 +430,9 @@ edges
| tst13.js:44:14:44:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:44:14:44:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:50:23:50:23 | e | tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | Untrusted URL redirection due to $@. | tst13.js:49:32:49:32 | e | user-provided value |
| tst13.js:53:28:53:28 | e | tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | Untrusted URL redirection due to $@. | tst13.js:52:34:52:34 | e | user-provided value |
| tst13.js:61:18:61:24 | payload | tst13.js:59:19:59:42 | documen ... .search | tst13.js:61:18:61:24 | payload | Untrusted URL redirection due to $@. | tst13.js:59:19:59:42 | documen ... .search | user-provided value |
| tst13.js:67:21:67:27 | payload | tst13.js:65:19:65:39 | history ... on.hash | tst13.js:67:21:67:27 | payload | Untrusted URL redirection due to $@. | tst13.js:65:19:65:39 | history ... on.hash | user-provided value |
| tst13.js:74:21:74:27 | payload | tst13.js:72:19:72:39 | history ... on.hash | tst13.js:74:21:74:27 | payload | Untrusted URL redirection due to $@. | tst13.js:72:19:72:39 | history ... on.hash | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:2:47:2:63 | document.location | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value |
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:6:34:6:50 | document.location | user-provided value |

20
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst13.js
View File

@@ -53,3 +53,23 @@ function foo() {
self.importScripts(e); // NOT OK
}
})();
function bar() {
const history = require('history').createBrowserHistory();
var payload = document.location.search.substr(1);
history.push(payload); // NOT OK
}
function baz() {
const history = require('history').createBrowserHistory();
var payload = history.location.hash.substr(1);
history.replace(payload); // NOT OK
}
function quz() {
const history = HistoryLibrary.createBrowserHistory();
var payload = history.location.hash.substr(1);
history.replace(payload); // NOT OK
}