JS: added new test case for remote prop injection via Object.keys

Napalys Klicius
2025-08-27 10:20:38 +00:00
parent 10c10c7d30
commit c39c04cb86
2 changed files with 18 additions and 13 deletions


@@ -11,11 +11,11 @@ edges
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | provenance | |
| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | provenance | |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | provenance | |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | provenance | |
| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | provenance | |
| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | provenance | |
| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | provenance | |
| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | provenance | |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:27:25:27:25 | x | provenance | |
| tst.js:27:25:27:25 | x | tst.js:28:15:28:15 | x | provenance | |
| tst.js:28:6:28:15 | result | tst.js:29:9:29:14 | result | provenance | |
| tst.js:28:15:28:15 | x | tst.js:28:6:28:15 | result | provenance | |
| tst.js:29:9:29:14 | result | tst.js:29:9:29:42 | result. ... length) | provenance | |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | provenance | |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | provenance | |
nodes
@@ -26,13 +26,13 @@ nodes
| tst.js:13:15:13:18 | prop | semmle.label | prop |
| tst.js:14:31:14:34 | prop | semmle.label | prop |
| tst.js:16:10:16:13 | prop | semmle.label | prop |
| tst.js:21:25:21:25 | x | semmle.label | x |
| tst.js:22:6:22:15 | result | semmle.label | result |
| tst.js:22:15:22:15 | x | semmle.label | x |
| tst.js:23:9:23:14 | result | semmle.label | result |
| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) |
| tst.js:27:25:27:25 | x | semmle.label | x |
| tst.js:28:6:28:15 | result | semmle.label | result |
| tst.js:28:15:28:15 | x | semmle.label | x |
| tst.js:29:9:29:14 | result | semmle.label | result |
| tst.js:29:9:29:42 | result. ... length) | semmle.label | result. ... length) |
| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url |
| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal |
subpaths
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:27:25:27:25 | x | tst.js:29:9:29:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) |


@@ -16,10 +16,15 @@ app.get('/user/:id', function(req, res) {
headers[prop] = 42; // $ Alert
res.set(headers);
myCoolLocalFct[req.query.x](); // OK - flagged by method name injection
Object.keys(req.body).forEach( // $ MISSING: Source
key => {
myObj[key] = 42; // $ MISSING: Alert
}
);
});
function myCoolLocalFct(x) {
var result = x;
return result.substring(0, result.length);
}
}
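Review bot: The new `Object.keys(req.body).forEach(...)` case is annotated `$ MISSING: Source` and `$ MISSING: Alert`, so it records a false negative of the query rather than a detection, and nothing in the hunk says why the flow is missed or where the gap is tracked. A short comment above the call would make that explicit, e.g. `// keys of req.body are user-controlled property names; not yet modelled as a source`. Until the source is modelled, a write like `myObj[key] = 42` with a request-supplied key passes the analysis silently, and depending on the body parser such keys can include names like `__proto__`. `myObj` is not declared inside the hunk and the route handler starts above it, so both are presumably defined earlier in tst.js.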