hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/tst.js

23 lines
1.0 KiB
JavaScript
Raw Permalink Blame History

let obj = {};
window.addEventListener('message', (ev) => {
let message = JSON.parse(ev.data);
window[message.name](message.payload); // NOT OK - may invoke eval
new window[message.name](message.payload); // NOT OK - may invoke jQuery $ function or similar
window["HTMLElement" + message.name](message.payload); // OK - concatenation restricts choice of methods
window[`HTMLElement${message.name}`](message.payload); // OK - concatenation restricts choice of methods
function f() {}
f[message.name](message.payload)(); // NOT OK - may acccess Function constructor
obj[message.name](message.payload); // OK - may crash, but no code execution involved
window[ev](ev); // NOT OK
window[configData() + ' ' + message.name](message.payload); // OK - concatenation restricts choice of methods
window[configData() + message.name](message.payload); // OK - concatenation restricts choice of methods
window['' + message.name](message.payload); // NOT OK - coercion does not restrict choice of methods
});
Reference in New Issue View Git Blame Copy Permalink