hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Extend suspiciousCredentials predicate to recognise authKey and similar.

Browse Source
This commit is contained in:
Max Schaefer
2019-01-31 09:03:23 +00:00
parent 87e62f0bd5
commit b87abc9602
3 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/security/SensitiveActions.qll
View File

@@ -40,7 +40,8 @@ module HeuristicNames {
string suspiciousCredentials() {
result = "(?i).*pass(wd|word|code|phrase)(?!.*question).*" or
result = "(?i).*(puid|username|userid).*" or
result = "(?i).*(cert)(?!.*(format|name)).*"
result = "(?i).*(cert)(?!.*(format|name)).*" or
result = "(?i).*(auth(entication|ori[sz]ation)?)key.*"
}
}
private import HeuristicNames

2
javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected
View File

@@ -5,6 +5,7 @@ nodes
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName |
edges
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
@@ -15,4 +16,5 @@ edges
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | here |
| PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | here |
| PostMessageStar2.js:9:29:9:36 | data.foo | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | here |
| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:13:27:13:33 | authKey | here |
| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar.js:1:27:1:34 | userName | here |

2
javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar2.js
View File

@@ -9,3 +9,5 @@ window.parent.postMessage(password, '*'); // NOT OK
window.parent.postMessage(data.foo, '*'); // NOT OK
window.parent.postMessage(data.bar, '*'); // OK
})();
window.parent.postMessage(authKey, '*');