JS: fixup qhelp

Esben Sparre Andreasen
2019-04-03 12:59:22 +02:00
parent 74144b0271
commit cf7d0a7ea5
2 changed files with 3 additions and 2 deletions


@@ -59,13 +59,14 @@
<p>
Address this vulnerability by escaping <code>.</code>
appropriately: <code>let regex = /(www|beta|)\.example\.com/</code>.
appropriately: <code>let regex = /((www|beta)\.)?example\.com/</code>.
</p>
</example>
<references>
<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions">Regular Expressions</a></li>
<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
</references>


@@ -2,7 +2,7 @@ app.get('/some/path', function(req, res) {
let url = req.param('url'),
host = urlLib.parse(url).host;
// BAD: the host of `url` may be controlled by an attacker
let regex = /(www|beta|).example.com/;
let regex = /((www|beta).)?example.com/;
if (host.match(regex)) {
res.redirect(url);
}
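Review bot: The pattern on the new `let regex` line is still unanchored, so `host.match(regex)` accepts any host that merely contains a matching substring, independently of the unescaped `.` that the `// BAD` comment is meant to illustrate. The fix given in the help text only escapes the dots, so a reader who copies it still ends up with a redirect check that does not pin the host; consider anchoring both, e.g. `let regex = /^((www|beta).)?example.com$/;` here and `/^((www|beta)\.)?example\.com$/` in the qhelp. The comment could also name the defect being demonstrated: `// BAD: the unescaped '.' matches any character, so hosts other than example.com pass the check`. The `app.get` handler starts before this hunk and closes after it, so whether `host` can be null at the `match` call (a URL without a host) cannot be judged from the visible lines.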