add failing test

2026-05-02 20:25:13 +02:00 · 2023-01-02 10:02:49 +01:00
parent 50cd40ed20
commit e02b67af63
2 changed files with 37 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
@@ -218,6 +218,11 @@ nodes
 | typed.ts:28:24:28:34 | redirectUri |
 | typed.ts:29:33:29:43 | redirectUri |
 | typed.ts:29:33:29:43 | redirectUri |
+| typed.ts:47:25:47:34 | loc.search |
+| typed.ts:47:25:47:34 | loc.search |
+| typed.ts:51:24:51:34 | redirectUri |
+| typed.ts:52:33:52:43 | redirectUri |
+| typed.ts:52:33:52:43 | redirectUri |
 edges
 | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
 | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
@@ -412,6 +417,10 @@ edges
 | typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri |
 | typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
 | typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
+| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri |
+| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri |
+| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri |
+| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri |
 #select
 | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value |
 | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value |
@@ -475,3 +484,4 @@ edges
 | tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:26:62:26:78 | win.location.href | user-provided value |
 | typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:4:22:4:36 | location.search | user-provided value |
 | typed.ts:29:33:29:43 | redirectUri | typed.ts:25:25:25:34 | loc.search | typed.ts:29:33:29:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:25:25:25:34 | loc.search | user-provided value |
+| typed.ts:52:33:52:43 | redirectUri | typed.ts:47:25:47:34 | loc.search | typed.ts:52:33:52:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:47:25:47:34 | loc.search | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/typed.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/typed.ts
@@ -28,4 +28,31 @@ export class MyTrackingComponent {
    private doRedirect(redirectUri: string) {
        window.location.replace(redirectUri);
    }
+}
+
+export class WeirdTracking {
+    componentDidMount() {
+        const { location }: { location: Location } = (this as any).props; // location source
+
+        var container = {
+            loc: location
+        };
+        var secondLoc = container.loc; // type-tracking step 1 - not the source
+        
+        this.myIndirectRedirect(secondLoc); 
+    }
+
+    private myIndirectRedirect(loc) { // type-tracking step 2 - also not the source
+        const loc2 : Location = (loc as any).componentDidMount;
+        this.doRedirect(loc.search);
+        this.doRedirect2(loc2.search);
+    }
+
+    private doRedirect(redirectUri: string) {
+        window.location.replace(redirectUri); // NOT OK - and correctly flagged
+    }
+
+    private doRedirect2(redirectUri: string) {
+        window.location.replace(redirectUri); // NOT OK - but not flagged [INCONSISTENCY]
+    }
 }