From aeb8cc62b2255848fa3af5951d1655f99967fab8 Mon Sep 17 00:00:00 2001 From: Max Schaefer Date: Thu, 31 Jan 2019 08:08:52 +0000 Subject: [PATCH] JavaScript: Reclassify `PostMessageStar` as CWE-201. --- change-notes/1.20/analysis-javascript.md | 2 +- javascript/config/suites/javascript/security | 2 +- .../ql/src/Security/{CWE-359 => CWE-201}/PostMessageStar.qhelp | 0 .../ql/src/Security/{CWE-359 => CWE-201}/PostMessageStar.ql | 1 + .../Security/{CWE-359 => CWE-201}/examples/PostMessageStar.js | 0 .../{CWE-359 => CWE-201}/examples/PostMessageStarGood.js | 0 .../Security/{CWE-359 => CWE-201}/PostMessageStar.expected | 0 .../Security/{CWE-359 => CWE-201}/PostMessageStar.js | 0 .../ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref | 1 + .../Security/{CWE-359 => CWE-201}/PostMessageStar2.js | 0 .../Security/{CWE-359 => CWE-201}/PostMessageStarGood.js | 0 .../ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref | 1 - 12 files changed, 4 insertions(+), 3 deletions(-) rename javascript/ql/src/Security/{CWE-359 => CWE-201}/PostMessageStar.qhelp (100%) rename javascript/ql/src/Security/{CWE-359 => CWE-201}/PostMessageStar.ql (96%) rename javascript/ql/src/Security/{CWE-359 => CWE-201}/examples/PostMessageStar.js (100%) rename javascript/ql/src/Security/{CWE-359 => CWE-201}/examples/PostMessageStarGood.js (100%) rename javascript/ql/test/query-tests/Security/{CWE-359 => CWE-201}/PostMessageStar.expected (100%) rename javascript/ql/test/query-tests/Security/{CWE-359 => CWE-201}/PostMessageStar.js (100%) create mode 100644 javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref rename javascript/ql/test/query-tests/Security/{CWE-359 => CWE-201}/PostMessageStar2.js (100%) rename javascript/ql/test/query-tests/Security/{CWE-359 => CWE-201}/PostMessageStarGood.js (100%) delete mode 100644 javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref 
diff --git a/change-notes/1.20/analysis-javascript.md b/change-notes/1.20/analysis-javascript.md
index 035c500e6c4..67f2d6accdf 100644
--- a/change-notes/1.20/analysis-javascript.md
+++ b/change-notes/1.20/analysis-javascript.md
@@ -14,7 +14,7 @@
 | **Query** | **Tags** | **Purpose** |
 |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Cross-window communication with unrestricted target origin (`js/cross-window-information-leak`) | security, external/cwe/359 | Highlights code that sends potentially sensitive information to another window without restricting the receiver window's origin. Results are shown on LGTM by default. |
+| Cross-window communication with unrestricted target origin (`js/cross-window-information-leak`) | security, external/cwe/201, external/cwe/359 | Highlights code that sends potentially sensitive information to another window without restricting the receiver window's origin, indicating a possible violation of [CWE-201](https://cwe.mitre.org/data/definitions/201.html). Results are shown on LGTM by default. |
 | Double escaping or unescaping (`js/double-escaping`) | correctness, security, external/cwe/cwe-116 | Highlights potential double escaping or unescaping of special characters, indicating a possible violation of [CWE-116](https://cwe.mitre.org/data/definitions/116.html). Results are shown on LGTM by default. |
 | Incomplete regular expression for hostnames (`js/incomplete-hostname-regexp`) | correctness, security, external/cwe/cwe-020 | Highlights hostname sanitizers that are likely to be incomplete, indicating a violation of [CWE-020](https://cwe.mitre.org/data/definitions/20.html). Results are shown on LGTM by default.|
 | Incomplete URL substring sanitization | correctness, security, external/cwe/cwe-020 | Highlights URL sanitizers that are likely to be incomplete, indicating a violation of [CWE-020](https://cwe.mitre.org/data/definitions/20.html). Results shown on LGTM by default. |
diff --git a/javascript/config/suites/javascript/security b/javascript/config/suites/javascript/security
index 77c352a61a8..f572def7e8e 100644
--- a/javascript/config/suites/javascript/security
+++ b/javascript/config/suites/javascript/security
@@ -14,6 +14,7 @@
 + semmlecode-javascript-queries/Security/CWE-116/IncompleteSanitization.ql: /Security/CWE/CWE-116
 + semmlecode-javascript-queries/Security/CWE-116/DoubleEscaping.ql: /Security/CWE/CWE-116
 + semmlecode-javascript-queries/Security/CWE-134/TaintedFormatString.ql: /Security/CWE/CWE-134
++ semmlecode-javascript-queries/Security/CWE-201/PostMessageStar.ql: /Security/CWE/CWE-201
 + semmlecode-javascript-queries/Security/CWE-209/StackTraceExposure.ql: /Security/CWE/CWE-209
 + semmlecode-javascript-queries/Security/CWE-312/CleartextStorage.ql: /Security/CWE/CWE-312
 + semmlecode-javascript-queries/Security/CWE-312/CleartextLogging.ql: /Security/CWE/CWE-312
@@ -22,7 +23,6 @@
 + semmlecode-javascript-queries/Security/CWE-338/InsecureRandomness.ql: /Security/CWE/CWE-338
 + semmlecode-javascript-queries/Security/CWE-346/CorsMisconfigurationForCredentials.ql: /Security/CWE/CWE-346
 + semmlecode-javascript-queries/Security/CWE-352/MissingCsrfMiddleware.ql: /Security/CWE/CWE-352
-+ semmlecode-javascript-queries/Security/CWE-359/PostMessageStar.ql: /Security/CWE/CWE-359
 + semmlecode-javascript-queries/Security/CWE-400/RemotePropertyInjection.ql: /Security/CWE/CWE-400
 + semmlecode-javascript-queries/Security/CWE-502/UnsafeDeserialization.ql: /Security/CWE/CWE-502
 + semmlecode-javascript-queries/Security/CWE-506/HardcodedDataInterpretedAsCode.ql: /Security/CWE/CWE-506
diff --git a/javascript/ql/src/Security/CWE-359/PostMessageStar.qhelp b/javascript/ql/src/Security/CWE-201/PostMessageStar.qhelp
similarity index 100%
rename from javascript/ql/src/Security/CWE-359/PostMessageStar.qhelp
rename to javascript/ql/src/Security/CWE-201/PostMessageStar.qhelp
diff --git a/javascript/ql/src/Security/CWE-359/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
similarity index 96%
rename from javascript/ql/src/Security/CWE-359/PostMessageStar.ql
rename to javascript/ql/src/Security/CWE-201/PostMessageStar.ql
index 6705079cff9..e746b28a3d4 100644
--- a/javascript/ql/src/Security/CWE-359/PostMessageStar.ql
+++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
@@ -8,6 +8,7 @@
  * @precision high
  * @id js/cross-window-information-leak
  * @tags security
+ * external/cwe/cwe-201
  * external/cwe/cwe-359
  */
diff --git a/javascript/ql/src/Security/CWE-359/examples/PostMessageStar.js b/javascript/ql/src/Security/CWE-201/examples/PostMessageStar.js
similarity index 100%
rename from javascript/ql/src/Security/CWE-359/examples/PostMessageStar.js
rename to javascript/ql/src/Security/CWE-201/examples/PostMessageStar.js
diff --git a/javascript/ql/src/Security/CWE-359/examples/PostMessageStarGood.js b/javascript/ql/src/Security/CWE-201/examples/PostMessageStarGood.js
similarity index 100%
rename from javascript/ql/src/Security/CWE-359/examples/PostMessageStarGood.js
rename to javascript/ql/src/Security/CWE-201/examples/PostMessageStarGood.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.expected b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.expected
rename to javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
diff --git a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.js b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.js
rename to javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.js
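Review bot: The tag list added here reads `external/cwe/cwe-201` followed by the retained `external/cwe/cwe-359`, but the change-notes row in this same commit spells those tags as `external/cwe/201, external/cwe/359`, dropping the `cwe-` prefix that the other rows of that table and the query metadata use. Suggest aligning the notes row to `security, external/cwe/cwe-201, external/cwe/cwe-359` so the same string can be searched for in both places. The qhelp is renamed at 100% similarity, so if its references section still cites only CWE-359 it will be out of step with the new primary classification — worth a quick check, though that file's content is not shown here.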
diff --git a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref
new file mode 100644
index 00000000000..1f3b38b16f0
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref
@@ -0,0 +1 @@
+Security/CWE-201/PostMessageStar.ql
\ No newline at end of file
diff --git a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar2.js b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar2.js
rename to javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStarGood.js b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStarGood.js
similarity index 100%
rename from javascript/ql/test/query-tests/Security/CWE-359/PostMessageStarGood.js
rename to javascript/ql/test/query-tests/Security/CWE-201/PostMessageStarGood.js
diff --git a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref b/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref
deleted file mode 100644
index 831b437cdfb..00000000000
--- a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref
+++ /dev/null
@@ -1 +0,0 @@
-Security/CWE-359/PostMessageStar.ql
\ No newline at end of file