JS: Accept some different-kind comparison-bypass alerts

Asger F
2025-02-25 16:09:31 +01:00
parent a1796bda8a
commit 7ed5398688
2 changed files with 6 additions and 6 deletions


@@ -4,16 +4,16 @@ var app = express();
app.get('/user/:id', function(req, res) {
req.query.userId == req.cookies.userId; // $ Alert
req.query.userId == req.cookies.userId; // $ Alert[js/different-kinds-comparison-bypass]
req.query.userId1 == req.query.userId2; // OK - same kind of source
req.url == req.body; // $ Alert
req.url == req.body; // $ Alert[js/different-kinds-comparison-bypass]
check(req.query.userId, req.cookies.userId);
function check(a, b) {
a == b; // $ Alert
a == b; // $ Alert[js/different-kinds-comparison-bypass]
}
// CSRF protection
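Review bot: The newly tagged `req.url == req.body; // $ Alert[js/different-kinds-comparison-bypass]` line is the one case in this hunk where the two sides are not both scalar request parameters — `req.body` is usually an object when a body parser is installed, so a loose `==` against the URL string is a type-confused comparison rather than an obvious auth/CSRF-style check, and a reader may not see why it is expected to fire. A short hint next to it would make the expectation self-explaining, e.g. `req.url == req.body; // $ Alert[js/different-kinds-comparison-bypass] - url vs. body: attacker controls both sides`. The other tagged lines (query vs. cookie, and the same pair routed through `check(a, b)`) read clearly as the intended pattern. The enclosing `app.get('/user/:id', …)` handler opens at the top of the hunk and its body continues past the `// CSRF protection` line, outside the hunk.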


@@ -58,17 +58,17 @@ app.get('/user/:id', function(req, res) {
login()
}
if (req.cookies.cookieId === req.params.requestId) { // $ Alert - depends on user input
if (req.cookies.cookieId === req.params.requestId) { // $ Alert[js/different-kinds-comparison-bypass]
process.exit();
}
var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert - depends on user input
var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert[js/different-kinds-comparison-bypass]
if (v1) {
process.exit();
}
function cmp(p, q) {
return p === q;
return p === q; // $ Alert[js/different-kinds-comparison-bypass]
}
var v2 = cmp(req.cookies.cookieId, req.params.requestId); // $ MISSING: Alert - not detected due to flow limitations
if (v2) {