hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add more tests for js/incomplete-url-substring-sanitization

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-01-30 10:37:48 +01:00
parent 321b3f1ab5
commit cfc53ade69
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSubstringSanitization.expected
View File

@@ -11,3 +11,8 @@
| tst-IncompleteUrlSubstringSanitization.js:33:5:33:39 | x.index ... m:443") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:33:15:33:38 | "https: ... om:443" | https://secure.com:443 |
| tst-IncompleteUrlSubstringSanitization.js:34:5:34:36 | x.index ... .com/") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:34:15:34:35 | "https: ... e.com/" | https://secure.com/ |
| tst-IncompleteUrlSubstringSanitization.js:52:5:52:41 | x.index ... ernal") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:52:15:52:40 | "https: ... ternal" | https://example.internal |
| tst-IncompleteUrlSubstringSanitization.js:55:5:55:44 | x.start ... ernal") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:55:18:55:43 | "https: ... ternal" | https://example.internal |
| tst-IncompleteUrlSubstringSanitization.js:56:5:56:45 | x.index ... l.org') | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:56:15:56:44 | 'https: ... al.org' | https://example.internal.org |
| tst-IncompleteUrlSubstringSanitization.js:57:5:57:45 | x.index ... l.org') | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:57:15:57:44 | 'https: ... al.org' | https://example.internal.org |
| tst-IncompleteUrlSubstringSanitization.js:58:5:58:30 | x.endsW ... l.com") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:58:16:58:29 | "internal.com" | internal.com |
| tst-IncompleteUrlSubstringSanitization.js:61:2:61:24 | x.index ... e.com") | '$@' may be at an arbitrary position in the sanitized URL. | tst-IncompleteUrlSubstringSanitization.js:61:12:61:23 | "secure.com" | secure.com |

8
javascript/ql/test/query-tests/Security/CWE-020/tst-IncompleteUrlSubstringSanitization.js
View File

@@ -51,4 +51,12 @@
x.indexOf("https://example.internal"); // NOT OK
x.indexOf("https://"); // OK
x.startsWith("https://example.internal"); // NOT OK
x.indexOf('https://example.internal.org') !== 0; // NOT OK
x.indexOf('https://example.internal.org') === 0; // NOT OK
x.endsWith("internal.com"); // NOT OK
x.startsWith("https://example.internal:80"); // OK
x.indexOf("secure.com") !== -1; // NOT OK
});