add step through the fclone library

This commit is contained in:
Erik Krogh Kristensen
2021-06-24 11:32:59 +02:00
parent f99a33598f
commit 94cbc4b2c0
5 changed files with 36 additions and 3 deletions


@@ -178,11 +178,11 @@ private class ExtendCallTaintStep extends TaintTracking::SharedTaintStep {
private import semmle.javascript.dataflow.internal.PreCallGraphStep
/**
* A step for the `clone` package.
* A step through a cloning library, such as `clone` or `fclone`.
*/
private class CloneStep extends PreCallGraphStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call | call = DataFlow::moduleImport("clone").getACall() |
exists(DataFlow::CallNode call | call = DataFlow::moduleImport(["clone", "fclone"]).getACall() |
pred = call.getArgument(0) and
succ = call
)
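Review bot: The updated comment says the step covers cloning libraries "such as" `clone` or `fclone`, while `moduleImport(["clone", "fclone"])` on the line below is the complete list, so the wording overstates what is modeled; prefer `* A step through the \`clone\` and \`fclone\` cloning libraries: the cloned argument flows to the call result.` so readers know exactly which packages are covered and in which direction the flow goes. It would also help to state on the class why this is a `PreCallGraphStep` rather than a plain taint step — presumably because a clone is treated as preserving the object's structure, so property reads on the result (the `other.p` case in the new test expectations) keep flowing; that reasoning is not written down anywhere in the hunk. If further cloning packages are added later, keeping the module list and the comment in sync becomes easy to miss, which is another reason to make the comment precise now. The `CloneStep` body continues past the hunk; the closing braces are not shown.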


@@ -190,6 +190,14 @@ nodes
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
@@ -359,6 +367,13 @@ edges
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
@@ -412,5 +427,7 @@ edges
| tst2.js:36:12:36:12 | p | tst2.js:30:9:30:9 | p | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | tst2.js:30:9:30:9 | p | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | tst2.js:43:9:43:9 | p | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | tst2.js:57:9:57:9 | p | tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |


@@ -40,5 +40,7 @@
| tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |


@@ -49,4 +49,17 @@ app.get('/baz', function(req, res) {
var unsafe = serializeJavaScript(p, {unsafe: true});
res.send(unsafe); // NOT OK
});
const fclone = require('fclone');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = fclone(obj);
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});