hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into js-threat-models

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2024-11-01 10:48:32 +01:00
committed by GitHub
parent dc8e645594 03ffaac87a
commit c0ad9ba529
660 changed files with 80032 additions and 72643 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/test/query-tests/Security/CWE-611/Xxe.qlref
View File

@@ -1 +1,2 @@
Security/CWE-611/Xxe.ql
query: Security/CWE-611/Xxe.ql
postprocess: testUtilities/InlineExpectationsTestQuery.ql

6
javascript/ql/test/query-tests/Security/CWE-611/domparser.js
View File

@@ -1,5 +1,5 @@
function test() {
var src = document.location.search;
var src = document.location.search; // $ Source=search
if (window.DOMParser) {
// OK: DOMParser only expands internal general entities
@@ -8,10 +8,10 @@ function test() {
var parser;
try {
// NOT OK: XMLDOM expands external entities by default
(new ActiveXObject("Microsoft.XMLDOM")).loadXML(src);
(new ActiveXObject("Microsoft.XMLDOM")).loadXML(src); // $ Alert=search
} catch (e) {
// NOT OK: MSXML expands external entities by default
(new ActiveXObject("Msxml2.DOMDocument")).loadXML(src);
(new ActiveXObject("Msxml2.DOMDocument")).loadXML(src); // $ Alert=search
}
}
}

16
javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
View File

@@ -1,20 +1,20 @@
const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
express().get('/some/path', function (req) {
// NOT OK: unguarded entity expansion
libxmljs.parseXml(req.param("some-xml"), { noent: true });
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert
});
express().post('/some/path', function(req, res) {
express().post('/some/path', function (req, res) {
// NOT OK: unguarded entity expansion
libxmljs.parseXml(req.param("some-xml"), { noent: true });
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.param("some-xml"), {noent:true})
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), {noent:true})
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Source=files $ Alert=files
// OK - no entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), {noent:false})
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })
});

4
javascript/ql/test/query-tests/Security/CWE-611/libxml.sax.js
View File

@@ -1,7 +1,7 @@
const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
express().get('/some/path', function (req) {
const parser = new libxmljs.SaxParser();
parser.parseString(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
parser.parseString(req.param("some-xml")); // $ Alert: the SAX parser expands external entities by default
});

4
javascript/ql/test/query-tests/Security/CWE-611/libxml.saxpush.js
View File

@@ -1,7 +1,7 @@
const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
express().get('/some/path', function (req) {
const parser = new libxmljs.SaxPushParser();
parser.push(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
parser.push(req.param("some-xml")); // $ Alert: the SAX parser expands external entities by default
});