hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6295 from erik-krogh/sort-keys

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2021-07-16 02:09:47 -07:00
committed by GitHub
parent 520337577b 28b98c1bfa
commit d4fa1f7d96
5 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/Extend.qll
View File

@@ -183,7 +183,8 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep
private class CloneStep extends PreCallGraphStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call |
call = DataFlow::moduleImport(["clone", "fclone"]).getACall()
// `camelcase-keys` isn't quite a cloning library. But it's pretty close.
call = DataFlow::moduleImport(["clone", "fclone", "sort-keys", "camelcase-keys"]).getACall()
or
call = DataFlow::moduleMember("json-cycle", ["decycle", "retrocycle"]).getACall()
|

17
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
View File

@@ -206,6 +206,14 @@ nodes
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
@@ -389,6 +397,13 @@ edges
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
@@ -446,5 +461,7 @@ edges
| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | tst2.js:69:9:69:9 | p | tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | tst2.js:69:9:69:9 | p | tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | tst2.js:82:9:82:9 | p | tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | tst2.js:82:9:82:9 | p | tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |

2
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected
View File

@@ -44,5 +44,7 @@
| tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |

13
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/tst2.js
View File

@@ -72,6 +72,19 @@ app.get('/baz', function(req, res) {
obj.p = p;
var other = jc.retrocycle(jc.decycle(obj));
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});
const sortKeys = require('sort-keys');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = sortKeys(obj);
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});