hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/query-tests/Security/CWE-020/tst-IncompleteUrlSubstringSanitization.js

77 lines
2.9 KiB
JavaScript
Raw Permalink Blame History

(function(x){
x.indexOf("internal") !== -1; // NOT OK, but not flagged
x.indexOf("localhost") !== -1; // NOT OK, but not flagged
x.indexOf("secure.com") !== -1; // NOT OK
x.indexOf("secure.net") !== -1; // NOT OK
x.indexOf(".secure.com") !== -1; // NOT OK
x.indexOf("sub.secure.") !== -1; // NOT OK, but not flagged
x.indexOf(".sub.secure.") !== -1; // NOT OK, but not flagged
x.indexOf("secure.com") === -1; // NOT OK
x.indexOf("secure.com") === 0; // NOT OK
x.indexOf("secure.com") >= 0; // NOT OK
x.startsWith("https://secure.com"); // NOT OK
x.endsWith("secure.com"); // NOT OK
x.endsWith(".secure.com"); // OK
x.startsWith("secure.com/"); // OK
x.indexOf("secure.com/") === 0; // OK
x.includes("secure.com"); // NOT OK
x.indexOf("#") !== -1; // OK
x.indexOf(":") !== -1; // OK
x.indexOf(":/") !== -1; // OK
x.indexOf("://") !== -1; // OK
x.indexOf("//") !== -1; // OK
x.indexOf(":443") !== -1; // OK
x.indexOf("/some/path/") !== -1; // OK
x.indexOf("some/path") !== -1; // OK
x.indexOf("/index.html") !== -1; // OK
x.indexOf(":template:") !== -1; // OK
x.indexOf("https://secure.com") !== -1; // NOT OK
x.indexOf("https://secure.com:443") !== -1; // NOT OK
x.indexOf("https://secure.com/") !== -1; // NOT OK
x.indexOf(".cn") !== -1; // NOT OK, but not flagged
x.indexOf(".jpg") !== -1; // OK
x.indexOf("index.html") !== -1; // OK
x.indexOf("index.js") !== -1; // OK
x.indexOf("index.php") !== -1; // OK
x.indexOf("index.css") !== -1; // OK
x.indexOf("secure=true") !== -1; // OK (query param)
x.indexOf("&auth=") !== -1; // OK (query param)
x.indexOf(getCurrentDomain()) !== -1; // NOT OK, but not flagged
x.indexOf(location.origin) !== -1; // NOT OK, but not flagged
x.indexOf("tar.gz") + offset; // OK
x.indexOf("tar.gz") - offset; // OK
x.indexOf("https://example.internal") !== -1; // NOT OK
x.indexOf("https://") !== -1; // OK
x.startsWith("https://example.internal"); // NOT OK
x.indexOf('https://example.internal.org') !== 0; // NOT OK
x.indexOf('https://example.internal.org') === 0; // NOT OK
x.endsWith("internal.com"); // NOT OK
x.startsWith("https://example.internal:80"); // OK
x.indexOf("secure.com") !== -1; // NOT OK
x.indexOf("secure.com") === -1; // OK
!(x.indexOf("secure.com") !== -1); // OK
!x.includes("secure.com"); // OK
if(!x.includes("secure.com")) { // NOT OK
} else {
doSomeThingWithTrustedURL(x);
}
x.startsWith("https://secure.com/foo/bar"); // OK - a forward slash after the domain makes prefix checks safe.
x.indexOf("https://secure.com/foo/bar") >= 0 // NOT OK - the url can be anywhere in the string.
x.indexOf("https://secure.com") >= 0 // NOT OK
x.indexOf("https://secure.com/foo/bar-baz") >= 0 // NOT OK - the url can be anywhere in the string.
});
Reference in New Issue View Git Blame Copy Permalink