JS: Port IncompleteHtmlAttributeSanitization

This commit is contained in:
Asger F
2023-10-05 09:20:09 +02:00
parent 9128722627
commit e3ab5bdd16
3 changed files with 50 additions and 60 deletions


@@ -15,9 +15,9 @@
*/
import javascript
import DataFlow::PathGraph
import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationQuery
import semmle.javascript.security.IncompleteBlacklistSanitizer
import DataFlow::DeduplicatePathGraph<IncompleteHtmlAttributeSanitizationFlow::PathNode, IncompleteHtmlAttributeSanitizationFlow::PathGraph>
/**
* Gets a pretty string of the dangerous characters for `sink`.
@@ -31,8 +31,10 @@ string prettyPrintDangerousCharaters(Sink sink) {
).regexpReplaceAll(",(?=[^,]+$)", " or")
}
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
from PathNode source, PathNode sink
where
IncompleteHtmlAttributeSanitizationFlow::flowPath(source.getAnOriginalPathNode(),
sink.getAnOriginalPathNode())
select sink.getNode(), source, sink,
// this message is slightly sub-optimal as we do not have an easy way
// to get the flow labels that reach the sink, so the message includes