hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

add failing test for spurious edge through sanitizer

Browse Source
This commit is contained in:
erik-krogh
2023-02-13 11:49:57 +01:00
parent 26d5fb2412
commit c258e44772
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
View File

@@ -157,6 +157,10 @@ nodes
| xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src |
| xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src |
| xss-through-dom.js:148:37:148:59 | DOMPuri ... ze(src) |
| xss-through-dom.js:148:56:148:58 | src |
edges
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
@@ -257,8 +261,12 @@ edges
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:148:56:148:58 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:148:37:148:59 | DOMPuri ... ze(src) | xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src |
| xss-through-dom.js:148:37:148:59 | DOMPuri ... ze(src) | xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src |
| xss-through-dom.js:148:56:148:58 | src | xss-through-dom.js:148:37:148:59 | DOMPuri ... ze(src) |
#select
| forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
| forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
@@ -302,3 +310,4 @@ edges
| xss-through-dom.js:132:16:132:23 | linkText | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:132:16:132:23 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | DOM text |
| xss-through-dom.js:140:19:140:21 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:140:19:140:21 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:141:25:141:27 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:141:25:141:27 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:148:25:148:65 | DOMPuri ... ) : src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |

7
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js
View File

@@ -139,4 +139,11 @@ const cashDom = require("cash-dom");
const src = document.getElementById("#link").src;
cash("#id").html(src); // NOT OK.
cashDom("#id").html(src); // NOT OK
var DOMPurify = {
sanitize: function (src) {
return src; // to model spuriously finding an edge. The below is still OK.
}
};
cashDom("#id").html(DOMPurify ? DOMPurify.sanitize(src) : src); // OK - but currently flagged [INCONSISTENCY]
})();