hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Teach PostMessageStar to reason about partially tainted objects.

Browse Source
This commit is contained in:
Max Schaefer
2019-01-31 08:59:47 +00:00
parent aeb8cc62b2
commit 87e62f0bd5
3 changed files with 66 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
View File

@@ -1,7 +1,18 @@
nodes
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar.js:1:27:1:34 | userName |
edges
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
#select
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | here |
| PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | here |
| PostMessageStar2.js:9:29:9:36 | data.foo | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | here |
| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar.js:1:27:1:34 | userName | here |

12
javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
View File

@@ -1 +1,11 @@
window.parent.postMessage(password, '*');
window.parent.postMessage(password, '*'); // NOT OK
(function() {
var data = {};
data.foo = password;
data.bar = "unproblematic";
window.parent.postMessage(data, '*'); // NOT OK
window.parent.postMessage(data.foo, '*'); // NOT OK
window.parent.postMessage(data.bar, '*'); // OK
})();