hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

add domNode.innerHTML += sink as a DOM sink

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-04-05 14:23:10 +02:00
committed by erik-krogh
parent 74a79f8622
commit e387ebaedd
4 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

@@ -116,6 +116,11 @@ nodes
| classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:15:52:15:62 | window.name |
| classnames.js:15:52:15:62 | window.name |
| classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:48:17:64 | clsx(window.name) |
| classnames.js:17:53:17:63 | window.name |
| classnames.js:17:53:17:63 | window.name |
| clipboard.ts:8:11:8:51 | html |
| clipboard.ts:8:11:8:51 | html |
| clipboard.ts:8:18:8:51 | clipboa ... /html') |
@@ -1187,6 +1192,10 @@ edges
| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `<span ... <span>` |
| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
@@ -2182,6 +2191,7 @@ edges
| classnames.js:11:31:11:79 | `<span ... <span>` | classnames.js:10:45:10:55 | window.name | classnames.js:11:31:11:79 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:10:45:10:55 | window.name | user-provided value |
| classnames.js:13:31:13:83 | `<span ... <span>` | classnames.js:13:57:13:67 | window.name | classnames.js:13:31:13:83 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:13:57:13:67 | window.name | user-provided value |
| classnames.js:15:31:15:78 | `<span ... <span>` | classnames.js:15:52:15:62 | window.name | classnames.js:15:31:15:78 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:15:52:15:62 | window.name | user-provided value |
| classnames.js:17:32:17:79 | `<span ... <span>` | classnames.js:17:53:17:63 | window.name | classnames.js:17:32:17:79 | `<span ... <span>` | Cross-site scripting vulnerability due to $@. | classnames.js:17:53:17:63 | window.name | user-provided value |
| clipboard.ts:15:25:15:28 | html | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | clipboard.ts:8:18:8:51 | clipboa ... /html') | user-provided value |
| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:24:23:24:58 | e.clipb ... /html') | user-provided value |
| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | Cross-site scripting vulnerability due to $@. | clipboard.ts:29:19:29:54 | e.clipb ... /html') | user-provided value |

9
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

@@ -116,6 +116,11 @@ nodes
| classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:15:52:15:62 | window.name |
| classnames.js:15:52:15:62 | window.name |
| classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:48:17:64 | clsx(window.name) |
| classnames.js:17:53:17:63 | window.name |
| classnames.js:17:53:17:63 | window.name |
| clipboard.ts:8:11:8:51 | html |
| clipboard.ts:8:11:8:51 | html |
| clipboard.ts:8:18:8:51 | clipboa ... /html') |
@@ -1237,6 +1242,10 @@ edges
| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `<span ... <span>` |
| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) |
| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span ... <span>` |
| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html |

2
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/classnames.js
View File

@@ -13,4 +13,6 @@ function main() {
document.body.innerHTML = `<span class="${safeStyle(window.name)}">Hello<span>`; // NOT OK
document.body.innerHTML = `<span class="${safeStyle('foo')}">Hello<span>`; // OK
document.body.innerHTML = `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
document.body.innerHTML += `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
}