hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

using pseudo-properties to model URL parsing

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-02-04 16:26:09 +01:00
parent 4b89eee683
commit 8d37c03209
3 changed files with 86 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
View File

@@ -333,6 +333,10 @@ nodes
| tst.js:319:35:319:42 | location |
| tst.js:319:35:319:42 | location |
| tst.js:319:35:319:42 | location |
| tst.js:330:18:330:34 | document.location |
| tst.js:330:18:330:34 | document.location |
| tst.js:336:18:336:35 | params.get('name') |
| tst.js:336:18:336:35 | params.get('name') |
| typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:38 | document.location |
| typeahead.js:20:22:20:38 | document.location |
@@ -642,6 +646,10 @@ edges
| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
| tst.js:313:10:313:10 | e | tst.js:314:20:314:20 | e |
| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
@@ -741,6 +749,7 @@ edges
| tst.js:306:20:306:20 | e | tst.js:304:9:304:16 | location | tst.js:306:20:306:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:304:9:304:16 | location | user-provided value |
| tst.js:314:20:314:20 | e | tst.js:311:10:311:17 | location | tst.js:314:20:314:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:311:10:311:17 | location | user-provided value |
| tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | tst.js:319:35:319:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:319:35:319:42 | location | user-provided value |
| tst.js:336:18:336:35 | params.get('name') | tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:330:18:330:34 | document.location | user-provided value |
| typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:38 | document.location | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:38 | document.location | user-provided value |
| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
| winjs.js:3:43:3:49 | tainted | winjs.js:2:17:2:33 | document.location | winjs.js:3:43:3:49 | tainted | Cross-site scripting vulnerability due to $@. | winjs.js:2:17:2:33 | document.location | user-provided value |

11
javascript/ql/test/query-tests/Security/CWE-079/tst.js
View File

@@ -324,4 +324,15 @@ function test2() {
// OK
$('myId').html(target.length)
}
function getTaintedUrl() {
return new URL(document.location);
}
function URLPseudoProperties() {
// NOT OK
let params = getTaintedUrl().searchParams;
$('name').html(params.get('name'));
}