hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.1
codeql/javascript/ql/test/query-tests/Security/CWE-754/UnsafeDynamicMethodAccess.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

19 lines
908 B
JavaScript
Raw Permalink Blame History

// copied from tests for `UnsafeDynamicMethodAccess.ql` to check that they do not overlap
let obj = {};
window.addEventListener('message', (ev) => { // $ Source
let message = JSON.parse(ev.data);
window[message.name](message.payload); // $ MISSING: Alert - reported by UnsafeDynamicMethodAccess.ql
new window[message.name](message.payload); // $ MISSING: Alert - reported by UnsafeDynamicMethodAccess.ql
window["HTMLElement" + message.name](message.payload); // OK - concatenation restricts choice of methods
window[`HTMLElement${message.name}`](message.payload); // OK - concatenation restricts choice of methods
function f() {}
f[message.name](message.payload)(); // $ MISSING: Alert - reported by UnsafeDynamicMethodAccess.ql
obj[message.name](message.payload); // $ Alert
window[ev](ev); // $ MISSING: Alert - reported by UnsafeDynamicMethodAccess.ql
});
Reference in New Issue View Git Blame Copy Permalink