cleanup module imports and update expected outputs

2026-04-29 10:45:15 +02:00 · 2019-11-22 13:55:47 +01:00
parent 85b22536d0
commit f40d79271d
4 changed files with 49 additions and 8 deletions
--- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
@@ -21,5 +21,5 @@ from
 where
  cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  sink.getNode().(XSS::Shared::Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
+  sink.getNode().(Xss::Shared::Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
  "user-provided value"
--- a/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
@@ -9,10 +9,7 @@ import javascript
 module ExceptionXss {
  import DomBasedXssCustomizations::DomBasedXss as DomBasedXssCustom
  import ReflectedXssCustomizations::ReflectedXss as ReflectedXssCustom
-  import Xss::DomBasedXss as DomBasedXss
-  import Xss::ReflectedXss as ReflectedXSS
-  import Xss::StoredXss as StoredXss
-  import Xss as XSS
+  import Xss as Xss
  
  /**
   * Holds if `node` cannot cause an exception containing sensitive information to be thrown.
@@ -59,14 +56,14 @@ module ExceptionXss {
    Configuration() { this = "ExceptionXss" }

    override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-      source instanceof XSS::Shared::Source and label instanceof NotYetThrown
+      source instanceof Xss::Shared::Source and label instanceof NotYetThrown
    }

    override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-      sink instanceof XSS::Shared::Sink and not label instanceof NotYetThrown
+      sink instanceof Xss::Shared::Sink and not label instanceof NotYetThrown
    }

-    override predicate isSanitizer(DataFlow::Node node) { node instanceof XSS::Shared::Sanitizer }
+    override predicate isSanitizer(DataFlow::Node node) { node instanceof Xss::Shared::Sanitizer }

    override predicate isAdditionalFlowStep(
      DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl,
--- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss.expected
@@ -52,6 +52,23 @@ nodes
 | exception-xss.js:119:14:119:30 | "Exception: " + e |
 | exception-xss.js:119:14:119:30 | "Exception: " + e |
 | exception-xss.js:119:30:119:30 | e |
+| exception-xss.js:125:48:125:64 | document.location |
+| exception-xss.js:125:48:125:64 | document.location |
+| exception-xss.js:125:48:125:71 | documen ... .search |
+| exception-xss.js:128:11:128:52 | session ... ssion') |
+| exception-xss.js:129:10:129:10 | e |
+| exception-xss.js:130:18:130:18 | e |
+| exception-xss.js:130:18:130:18 | e |
+| tst.js:298:9:298:16 | location |
+| tst.js:298:9:298:16 | location |
+| tst.js:299:10:299:10 | e |
+| tst.js:300:20:300:20 | e |
+| tst.js:300:20:300:20 | e |
+| tst.js:305:10:305:17 | location |
+| tst.js:305:10:305:17 | location |
+| tst.js:307:10:307:10 | e |
+| tst.js:308:20:308:20 | e |
+| tst.js:308:20:308:20 | e |
 edges
 | exception-xss.js:2:9:2:31 | foo | exception-xss.js:9:11:9:13 | foo |
 | exception-xss.js:2:9:2:31 | foo | exception-xss.js:15:9:15:11 | foo |
@@ -104,6 +121,20 @@ edges
 | exception-xss.js:118:11:118:11 | e | exception-xss.js:119:30:119:30 | e |
 | exception-xss.js:119:30:119:30 | e | exception-xss.js:119:14:119:30 | "Exception: " + e |
 | exception-xss.js:119:30:119:30 | e | exception-xss.js:119:14:119:30 | "Exception: " + e |
+| exception-xss.js:125:48:125:64 | document.location | exception-xss.js:125:48:125:71 | documen ... .search |
+| exception-xss.js:125:48:125:64 | document.location | exception-xss.js:125:48:125:71 | documen ... .search |
+| exception-xss.js:125:48:125:71 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
+| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:10:129:10 | e |
+| exception-xss.js:129:10:129:10 | e | exception-xss.js:130:18:130:18 | e |
+| exception-xss.js:129:10:129:10 | e | exception-xss.js:130:18:130:18 | e |
+| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
+| tst.js:298:9:298:16 | location | tst.js:299:10:299:10 | e |
+| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
+| tst.js:299:10:299:10 | e | tst.js:300:20:300:20 | e |
+| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
+| tst.js:305:10:305:17 | location | tst.js:307:10:307:10 | e |
+| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
+| tst.js:307:10:307:10 | e | tst.js:308:20:308:20 | e |
 #select
 | exception-xss.js:11:18:11:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:11:18:11:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
 | exception-xss.js:17:18:17:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:17:18:17:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
@@ -115,3 +146,6 @@ edges
 | exception-xss.js:97:18:97:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:97:18:97:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
 | exception-xss.js:107:18:107:18 | e | exception-xss.js:2:15:2:31 | document.location | exception-xss.js:107:18:107:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:2:15:2:31 | document.location | user-provided value |
 | exception-xss.js:119:14:119:30 | "Exception: " + e | exception-xss.js:117:13:117:25 | req.params.id | exception-xss.js:119:14:119:30 | "Exception: " + e | Cross-site scripting vulnerability due to $@. | exception-xss.js:117:13:117:25 | req.params.id | user-provided value |
+| exception-xss.js:130:18:130:18 | e | exception-xss.js:125:48:125:64 | document.location | exception-xss.js:130:18:130:18 | e | Cross-site scripting vulnerability due to $@. | exception-xss.js:125:48:125:64 | document.location | user-provided value |
+| tst.js:300:20:300:20 | e | tst.js:298:9:298:16 | location | tst.js:300:20:300:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:298:9:298:16 | location | user-provided value |
+| tst.js:308:20:308:20 | e | tst.js:305:10:305:17 | location | tst.js:308:20:308:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:305:10:305:17 | location | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-079/exception-xss.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/exception-xss.js
@@ -120,3 +120,13 @@ app.get('/user/:id', function(req, res) {
  }
 });

+
+(function () {
+    sessionStorage.setItem('exceptionSession', document.location.search);
+
+	try {
+		unknown(sessionStorage.getItem('exceptionSession'));
+	} catch(e) {
+		$('myId').html(e); // NOT OK
+	}
+})();