hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

move String.prototype.match taint step to a general AdditionalTaintStep

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2019-11-15 12:52:54 +01:00
parent e49b5e4afc
commit 8d2ae136b0
4 changed files with 32 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
View File

@@ -32,6 +32,9 @@ nodes
| addEventListener.js:12:24:12:33 | event.data |
| addEventListener.js:12:24:12:33 | event.data |
| exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:2:15:2:31 | document.location |
| exception-xss.js:2:15:2:31 | document.location |
| exception-xss.js:2:15:2:31 | document.location |
| exception-xss.js:2:15:2:31 | document.location |
| exception-xss.js:4:20:4:20 | x |
@@ -75,6 +78,10 @@ nodes
| exception-xss.js:82:10:82:10 | e |
| exception-xss.js:83:18:83:18 | e |
| exception-xss.js:83:18:83:18 | e |
| exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:86:17:86:19 | foo |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:33 | document.location |
@@ -743,6 +750,12 @@ edges
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:81:16:81:18 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:2:9:2:31 | foo | exception-xss.js:86:17:86:19 | foo |
| exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:2:15:2:31 | document.location | exception-xss.js:2:9:2:31 | foo |
| exception-xss.js:4:20:4:20 | x | exception-xss.js:5:14:5:14 | x |

2
javascript/ql/test/query-tests/Security/CWE-079/exception-xss.js
View File

@@ -82,4 +82,6 @@
} catch(e) {
$('myId').html(e); // NOT OK!
}
$('myId').html(foo); // Direct leak, reported by other query.
});