hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: sharpen js/incomplete-url-regexp by not matching .* or .+

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-12-06 21:51:31 +01:00
parent c65c7e700e
commit d4e4bc6a0b
3 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlRegExp.expected
View File

@@ -1,8 +1,6 @@
| tst-IncompleteUrlRegExp.js:3:2:3:28 | /http:\\ ... le.com/ | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:5:2:5:28 | /http:\\ ... le.net/ | This regular expression has an unescaped '.', which means that 'example.net' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:6:2:6:42 | /http:\\ ... b).com/ | This regular expression has an unescaped '.', which means that '(example-a\|example-b).com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:7:2:7:30 | /http:\\ ... le.com/ | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:9:2:9:39 | /http:\\ ... le.com/ | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:11:13:11:37 | "http:/ ... le.com" | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:12:10:12:34 | "http:/ ... le.com" | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:15:22:15:46 | "http:/ ... le.com" | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
@@ -11,7 +9,6 @@
| tst-IncompleteUrlRegExp.js:19:17:19:34 | 'test.example.com' | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:22:27:22:44 | 'test.example.com' | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:28:22:28:39 | 'test.example.com' | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:36:2:36:37 | /(.+\\.( ... \\.com)/ | This regular expression has an unescaped '.', which means that '(?:example-a\|example-b)\\.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:37:2:37:54 | /^(http ... =$\|\\/)/ | This regular expression has an unescaped '.', which means that ')?example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:38:2:38:44 | /^(http ... p\\/f\\// | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |
| tst-IncompleteUrlRegExp.js:39:2:39:34 | /\\(http ... m\\/\\)/g | This regular expression has an unescaped '.', which means that 'example.com' might not match the intended host of a matched URL. |

6
javascript/ql/test/query-tests/Security/CWE-020/tst-IncompleteUrlRegExp.js
View File

@@ -4,9 +4,9 @@
/http:\/\/test\\.example.com/; // OK
/http:\/\/test.example.net/; // NOT OK
/http:\/\/test.(example-a|example-b).com/; // NOT OK
/http:\/\/(.+)\\.example.com/; // NOT OK
/http:\/\/(.+)\\.example.com/; // NOT OK, but not yet supported with enough precision
/http:\/\/(\\.+)\\.example.com/; // OK
/http:\/\/(?:.+)\\.test\\.example.com/; // NOT OK
/http:\/\/(?:.+)\\.test\\.example.com/; // NOT OK, but not yet supported with enough precision
/http:\/\/test.example.com\/(?:.*)/; // OK
new RegExp("http://test.example.com"); // NOT OK
s.match("http://test.example.com"); // NOT OK
@@ -33,7 +33,7 @@
}
domains.map(d => convert(d));
/(.+\.(?:example-a|example-b)\.com)/; // NOT OK
/(.+\.(?:example-a|example-b)\.com)/; // NOT OK, but not yet supported with enough precision
/^(https?:)?\/\/((service|www).)?example.com(?=$|\/)/; // NOT OK
/^(http|https):\/\/www.example.com\/p\/f\//; // NOT OK
/\(http:\/\/sub.example.com\/\)/g; // NOT OK