hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add jQuery options objects as sources

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-04-26 20:03:14 +02:00
parent 5c37e6a435
commit 8ba5bddae8
3 changed files with 55 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll
View File

@@ -13,6 +13,7 @@ module UnsafeHtmlConstruction {
private import semmle.javascript.security.dataflow.DomBasedXssCustomizations::DomBasedXss as DomBasedXss
private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin as UnsafeJQueryPlugin
private import semmle.javascript.PackageExports as Exports
private import semmle.javascript.security.dataflow.UnsafeJQueryPlugin::UnsafeJQueryPlugin as UnsafeJQueryPlugin
/**
* A source for unsafe HTML constructed from library input.
@@ -29,6 +30,13 @@ module UnsafeHtmlConstruction {
}
}
/**
* A jQuery plugin options object, seen as a source for unsafe HTML constructed from input.
*/
class JQueryPluginOptionsAsSource extends Source {
JQueryPluginOptionsAsSource() { this instanceof UnsafeJQueryPlugin::JQueryPluginOptions }
}
/**
* A sink for unsafe HTML constructed from library input.
* This sink somehow transforms its input into a value that can cause XSS if it ends up in a XSS sink.