JavaScript: Reclassify PostMessageStar as CWE-201.

2025-12-16 16:53:25 +01:00 · 2019-01-31 08:08:52 +00:00
parent 769e407c24
commit aeb8cc62b2
12 changed files with 4 additions and 3 deletions
--- a/change-notes/1.20/analysis-javascript.md
+++ b/change-notes/1.20/analysis-javascript.md
@@ -14,7 +14,7 @@

 | **Query**                                     | **Tags**                                             | **Purpose**                                                                                                                                                                 |
 |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Cross-window communication with unrestricted target origin (`js/cross-window-information-leak`) | security, external/cwe/359 | Highlights code that sends potentially sensitive information to another window without restricting the receiver window's origin. Results are shown on LGTM by default. |
+| Cross-window communication with unrestricted target origin (`js/cross-window-information-leak`) | security, external/cwe/201, external/cwe/359 | Highlights code that sends potentially sensitive information to another window without restricting the receiver window's origin, indicating a possible violation of [CWE-201](https://cwe.mitre.org/data/definitions/201.html). Results are shown on LGTM by default. |
 | Double escaping or unescaping (`js/double-escaping`) | correctness, security, external/cwe/cwe-116 | Highlights potential double escaping or unescaping of special characters, indicating a possible violation of [CWE-116](https://cwe.mitre.org/data/definitions/116.html). Results are shown on LGTM by default. |
 | Incomplete regular expression for hostnames (`js/incomplete-hostname-regexp`) | correctness, security, external/cwe/cwe-020 |  Highlights hostname sanitizers that are likely to be incomplete, indicating a violation of [CWE-020](https://cwe.mitre.org/data/definitions/20.html). Results are shown on LGTM by default.|
 | Incomplete URL substring sanitization | correctness, security, external/cwe/cwe-020 | Highlights URL sanitizers that are likely to be incomplete, indicating a violation of [CWE-020](https://cwe.mitre.org/data/definitions/20.html). Results shown on LGTM by default. |
--- a/javascript/config/suites/javascript/security
+++ b/javascript/config/suites/javascript/security
@@ -14,6 +14,7 @@
 + semmlecode-javascript-queries/Security/CWE-116/IncompleteSanitization.ql: /Security/CWE/CWE-116
 + semmlecode-javascript-queries/Security/CWE-116/DoubleEscaping.ql: /Security/CWE/CWE-116
 + semmlecode-javascript-queries/Security/CWE-134/TaintedFormatString.ql: /Security/CWE/CWE-134
+ semmlecode-javascript-queries/Security/CWE-201/PostMessageStar.ql: /Security/CWE/CWE-201
 + semmlecode-javascript-queries/Security/CWE-209/StackTraceExposure.ql: /Security/CWE/CWE-209
 + semmlecode-javascript-queries/Security/CWE-312/CleartextStorage.ql: /Security/CWE/CWE-312
 + semmlecode-javascript-queries/Security/CWE-312/CleartextLogging.ql: /Security/CWE/CWE-312
@@ -22,7 +23,6 @@
 + semmlecode-javascript-queries/Security/CWE-338/InsecureRandomness.ql: /Security/CWE/CWE-338
 + semmlecode-javascript-queries/Security/CWE-346/CorsMisconfigurationForCredentials.ql: /Security/CWE/CWE-346
 + semmlecode-javascript-queries/Security/CWE-352/MissingCsrfMiddleware.ql: /Security/CWE/CWE-352
-+ semmlecode-javascript-queries/Security/CWE-359/PostMessageStar.ql: /Security/CWE/CWE-359
 + semmlecode-javascript-queries/Security/CWE-400/RemotePropertyInjection.ql: /Security/CWE/CWE-400
 + semmlecode-javascript-queries/Security/CWE-502/UnsafeDeserialization.ql: /Security/CWE/CWE-502
 + semmlecode-javascript-queries/Security/CWE-506/HardcodedDataInterpretedAsCode.ql: /Security/CWE/CWE-506
--- a/javascript/ql/src/Security/CWE-201/PostMessageStar.qhelp
+++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.qhelp
--- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
+++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id js/cross-window-information-leak
 * @tags security
+ *       external/cwe/cwe-201
 *       external/cwe/cwe-359
 */

--- a/javascript/ql/src/Security/CWE-201/examples/PostMessageStar.js
+++ b/javascript/ql/src/Security/CWE-201/examples/PostMessageStar.js
--- a/javascript/ql/src/Security/CWE-201/examples/PostMessageStarGood.js
+++ b/javascript/ql/src/Security/CWE-201/examples/PostMessageStarGood.js
--- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
--- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.js
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.js
--- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.qlref
@@ -0,0 +1 @@
+Security/CWE-201/PostMessageStar.ql
--- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
--- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStarGood.js
+++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStarGood.js
--- a/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-359/PostMessageStar.qlref
@@ -1 +0,0 @@
-Security/CWE-359/PostMessageStar.ql