JS: whitelist quote stripping for js/incomplete-sanitization

2025-12-24 12:46:34 +01:00 · 2019-09-05 09:47:49 +01:00
parent 641232a9d7
commit a9665f53b8
3 changed files with 10 additions and 0 deletions
--- a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
+++ b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
@@ -122,6 +122,10 @@ predicate isDelimiterUnwrapper(
    left = "{" and right = "}"
    or
    left = "(" and right = ")"
+    or
+    left = "\"" and right = "\""
+    or
+    left = "'" and right = "'"
  |
    removesFirstOccurence(leftUnwrap, left) and
    removesFirstOccurence(rightUnwrap, right) and
--- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -192,3 +192,8 @@ app.get('/some/path', function(req, res) {
 	var indirect = /'/;
 	return s.replace(indirect, ""); // NOT OK
 });
+
+(function (s) {
+	s.replace('"', '').replace('"', ''); // OK
+	s.replace("'", "").replace("'", ""); // OK
+});