hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: better matching of String.prototype.search in js/regex-injection

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-09-05 08:35:00 +02:00
parent 6e9cc46e80
commit b9d825b379
4 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -10,4 +10,5 @@
| RegExpInjection.js:45:20:45:24 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:46:23:46:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:47:22:47:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:50:46:50:50 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| tst.js:3:16:3:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:1:46:1:46 | e | user-provided value |

6
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js
View File

@@ -1,6 +1,6 @@
var express = require('express');
var app = express();
var URI = reuires("urijs");
app.get('/findKey', function(req, res) {
var key = req.param("key"), input = req.param("input");
@@ -46,4 +46,8 @@ app.get('/findKey', function(req, res) {
likelyString.search(input); // NOT OK
maybeString.search(input); // NOT OK
notString.search(input); // OK
URI(`${protocol}://${host}${path}`).search(input); // OK, but still flagged
URI(`${protocol}://${host}${path}`).search(input).href(); // OK
unknown.search(input).unknown; // OK
});