hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18834 from Napalys/js/tanstack

Browse Source 
JS: Support 'response' threat model and @tanstack/react-query
This commit is contained in:
Asger F
2025-02-25 16:16:06 +01:00
committed by GitHub
parent 0522f3f694 3360829a58
commit baa7e35589
9 changed files with 128 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.expected Normal file
View File

@@ -0,0 +1,24 @@
#select
| test.jsx:27:29:27:32 | data | test.jsx:5:28:5:63 | fetch(" ... ntent") | test.jsx:27:29:27:32 | data | Cross-site scripting vulnerability due to $@. | test.jsx:5:28:5:63 | fetch(" ... ntent") | user-provided value |
edges
| test.jsx:5:11:5:63 | response | test.jsx:6:24:6:31 | response | provenance | |
| test.jsx:5:22:5:63 | await f ... ntent") | test.jsx:5:11:5:63 | response | provenance | |
| test.jsx:5:28:5:63 | fetch(" ... ntent") | test.jsx:5:22:5:63 | await f ... ntent") | provenance | |
| test.jsx:6:11:6:38 | data | test.jsx:7:12:7:15 | data | provenance | |
| test.jsx:6:18:6:38 | await r ... .json() | test.jsx:6:11:6:38 | data | provenance | |
| test.jsx:6:24:6:31 | response | test.jsx:6:24:6:38 | response.json() | provenance | |
| test.jsx:6:24:6:38 | response.json() | test.jsx:6:18:6:38 | await r ... .json() | provenance | |
| test.jsx:7:12:7:15 | data | test.jsx:15:11:17:5 | data | provenance | |
| test.jsx:15:11:17:5 | data | test.jsx:27:29:27:32 | data | provenance | |
nodes
| test.jsx:5:11:5:63 | response | semmle.label | response |
| test.jsx:5:22:5:63 | await f ... ntent") | semmle.label | await f ... ntent") |
| test.jsx:5:28:5:63 | fetch(" ... ntent") | semmle.label | fetch(" ... ntent") |
| test.jsx:6:11:6:38 | data | semmle.label | data |
| test.jsx:6:18:6:38 | await r ... .json() | semmle.label | await r ... .json() |
| test.jsx:6:24:6:31 | response | semmle.label | response |
| test.jsx:6:24:6:38 | response.json() | semmle.label | response.json() |
| test.jsx:7:12:7:15 | data | semmle.label | data |
| test.jsx:15:11:17:5 | data | semmle.label | data |
| test.jsx:27:29:27:32 | data | semmle.label | data |
subpaths

6
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.ext.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["response", true, 0]

2
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security/CWE-079/Xss.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

34
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/test.jsx Normal file
View File

@@ -0,0 +1,34 @@
import React from "react";
import { useQuery } from "./wrapper";
const fetchContent = async () => {
const response = await fetch("https://example.com/content"); // $ Source[js/xss]
const data = await response.json();
return data;
};
const getQueryOptions = () => {
return {queryFn: fetchContent};
}
const ContentWithDangerousHtml = () => {
const { data, error, isLoading } = useQuery(
getQueryOptions()
);
if (isLoading) return <div>Loading...</div>;
if (error) return <div>Error fetching content!</div>;
return (
<div>
<h1>Content with Dangerous HTML</h1>
<div
dangerouslySetInnerHTML={{
__html: data, // $ Alert[js/xss]
}}
/>
</div>
);
};
export default ContentWithDangerousHtml;

2
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/wrapper.js Normal file
View File

@@ -0,0 +1,2 @@
import { useQuery } from "@tanstack/react-query";
export { useQuery }