hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

update comments in TaintedPath tests

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-06-04 10:40:14 +02:00
parent 70131e6ac8
commit d513e6c5b5
3 changed files with 2949 additions and 2957 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5874
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

File diff suppressed because it is too large Load Diff

25
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
View File

@@ -14,40 +14,33 @@ var server = http.createServer(function(req, res) {
// BAD: This could still read any file on the file system
res.write(fs.readFileSync("/home/user/" + path));
// BAD: Insufficient sanitisation
if (path.startsWith("/home/user/"))
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation
// BAD: Insufficient sanitisation
if (path.indexOf("secret") == -1)
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation
// BAD: Insufficient sanitisation
if (fs.existsSync(path))
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation
// GOOD: Path is compared to white-list
if (path === 'foo.txt')
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list [INCONSISTENCY]
// GOOD: Path is compared to white-list
if (path === 'foo.txt' || path === 'bar.txt')
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list [INCONSISTENCY]
// BAD: Path is incompletely compared to white-list
if (path === 'foo.txt' || path === 'bar.txt' || someOpaqueCondition())
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // BAD: Path is incompletely compared to white-list
// GOOD: Path is sanitized
path = sanitize(path);
res.write(fs.readFileSync(path));
res.write(fs.readFileSync(path)); // GOOD: Path is sanitized
path = url.parse(req.url, true).query.path;
// BAD: taint is preserved
// BAD: taint is preserved [INCONSISTENCY]
res.write(fs.readFileSync(pathModule.basename(path)));
// BAD: taint is preserved
res.write(fs.readFileSync(pathModule.dirname(path)));
// BAD: taint is preserved
// BAD: taint is preserved [INCONSISTENCY]
res.write(fs.readFileSync(pathModule.extname(path)));
// BAD: taint is preserved
res.write(fs.readFileSync(pathModule.join(path)));

7
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js
View File

@@ -7,12 +7,11 @@ var fs = require('fs'),
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
// BAD: taint is preserved
res.write(fs.readFileSync(['public', path].join('/')));
// BAD: taint is preserved
res.write(fs.readFileSync(['public', path].join('/'))); // BAD: taint is preserved [INCONSISTENCY]
let parts = ['public', path];
parts = parts.map(x => x.toLowerCase());
res.write(fs.readFileSync(parts.join('/')));
res.write(fs.readFileSync(parts.join('/'))); // BAD: taint is preserved [INCONSISTENCY]
});
server.listen();