hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

rename files

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-04-12 14:37:43 +02:00
parent 591fcda862
commit bca4d14129
8 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/Security/CWE-020/PostMessageNoOriginCheck.qhelp → javascript/ql/src/Security/CWE-020/MissingOriginCheck.qhelp
View File

@@ -24,13 +24,13 @@ The example below uses a received message to execute some code. However, the
origin of the message is not checked, so it might be possible for an attacker
to execute arbitrary code.
</p>
<sample src="examples/postMessageNoOriginCheck.js" />
<sample src="examples/MissingOriginCheckBad.js" />
<p>
The example is fixed below, where the origin is checked to be trusted.
It is therefore not possible for an attacker to attack using an untrusted origin.
</p>
<sample src="examples/postMessageWithOriginCheck.js" />
<sample src="examples/MissingOriginCheckGood.js" />
</example>

2
javascript/ql/src/Security/CWE-020/PostMessageNoOriginCheck.ql → javascript/ql/src/Security/CWE-020/MissingOriginCheck.ql
View File

@@ -5,7 +5,7 @@
* @problem.severity warning
* @security-severity 5
* @precision medium
* @id js/missing-origin-verification
* @id js/missing-origin-check
* @tags correctness
* security
* external/cwe/cwe-020

0
javascript/ql/src/Security/CWE-020/examples/postMessageNoOriginCheck.js → javascript/ql/src/Security/CWE-020/examples/MissingOriginCheckBad.js
View File

0
javascript/ql/src/Security/CWE-020/examples/postMessageWithOriginCheck.js → javascript/ql/src/Security/CWE-020/examples/MissingOriginCheckGood.js
View File

0
javascript/ql/test/query-tests/Security/CWE-020/PostMessage/PostMessageNoOriginCheck.expected → javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.expected
View File

1
javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/MissingOriginCheck.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-020/MissingOriginCheck.ql

0
javascript/ql/test/query-tests/Security/CWE-020/PostMessage/tst.js → javascript/ql/test/query-tests/Security/CWE-020/MissingOriginCheck/tst.js
View File

1
javascript/ql/test/query-tests/Security/CWE-020/PostMessage/PostMessageNoOriginCheck.qlref
View File

@@ -1 +0,0 @@
Security/CWE-020/PostMessageNoOriginCheck.ql