hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 23:16:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b671ef504da698483cd2e9dcccec2bc4e5d75bd3
codeql/javascript/ql/test/library-tests/TaintBarriers/tst.js
Esben Sparre Andreasen 42fc28bc55 JS: add ad hoc whitelist checks as sanitizers
2018-09-24 11:17:35 +02:00

246 lines
3.4 KiB
JavaScript
Raw Blame History

function SanitizingRegExpTest () {
var v = SOURCE();
SINK(v);
if (/x/.test(v)) {
SINK(v);
} else {
SINK(v);
}
if (v.match(/x/)) {
SINK(v);
} else {
SINK(v);
}
}
function HasOwnPropertySanitizer () {
var v = SOURCE();
SINK(v);
if (o.hasOwnProperty(v)) {
SINK(v);
} else {
SINK(v);
}
}
function InSanitizer () {
var v = SOURCE();
SINK(v);
if (v in o) {
SINK(v);
} else {
SINK(v);
}
}
function UndefinedCheckSanitizer () {
var v = SOURCE();
SINK(v);
if (o[v] == undefined) {
SINK(v);
} else {
SINK(v);
}
if (undefined === o[v]) {
SINK(v);
} else {
SINK(v);
}
if (o[v] !== undefined) {
SINK(v);
} else {
SINK(v);
}
}
function IndexOfCheckSanitizer () {
var v = SOURCE();
SINK(v);
if (o.indexOf(v) == -1) {
SINK(v);
} else {
SINK(v);
}
if (-1 === o.indexOf(v)) {
SINK(v);
} else {
SINK(v);
}
if (o.indexOf(v) !== -1) {
SINK(v);
} else {
SINK(v);
}
}
function containsSanitizer () {
var v = SOURCE();
SINK(v);
if (o.contains(v)) {
SINK(v);
} else {
SINK(v);
}
}
function hasSanitizer () {
var v = SOURCE();
SINK(v);
if (o.has(v)) {
SINK(v);
} else {
SINK(v);
}
}
function includesSanitizer () {
var v = SOURCE();
SINK(v);
if (o.includes(v)) {
SINK(v);
} else {
SINK(v);
}
}
function propertySanitization(o) {
var v = SOURCE();
SINK(v.p.q);
if (o.hasOwnProperty(v)) {
SINK(v);
} else if (o.hasOwnProperty(v.p)) {
SINK(v.p);
} else if (o.hasOwnProperty(v.p.q)) {
SINK(v.p.q);
} else if (o.hasOwnProperty(v.p)) {
SINK(v);
} else if (o.hasOwnProperty(v["p.q"])) {
SINK(v.p.q);
}
}
function constantComparisonSanitizer () {
var v = SOURCE();
SINK(v);
if (v == "white-listed") {
SINK(v);
} else {
SINK(v);
}
if ("white-listed" != v) {
SINK(v);
} else {
SINK(v);
}
if (v === "white-listed-1" || v === "white-listed-2") {
SINK(v);
} else {
SINK(v);
}
if (v == !!0) {
SINK(v);
} else {
SINK(v);
}
}
function customSanitizer() {
function SANITIZE(x){ return x; }
var v = SOURCE();
v = SANITIZE(v);
SINK(v);
}
function BitwiseIndexOfCheckSanitizer () {
var v = SOURCE();
SINK(v);
if (~o.indexOf(v)) {
SINK(v);
} else {
SINK(v);
}
if (!~o.indexOf(v)) {
SINK(v);
} else {
SINK(v);
}
}
function RelationalIndexOfCheckSanitizer () {
var v = SOURCE();
SINK(v);
if (o.indexOf(v) <= -1) {
SINK(v);
} else {
SINK(v);
}
if (o.indexOf(v) >= 0) {
SINK(v);
} else {
SINK(v);
}
if (o.indexOf(v) < 0) {
SINK(v);
} else {
SINK(v);
}
if (o.indexOf(v) > -1) {
SINK(v);
} else {
SINK(v);
}
if (-1 >= o.indexOf(v)) {
SINK(v);
} else {
SINK(v);
}
}
function adhocWhitelisting() {
var v = SOURCE();
if (isWhitelisted(v))
SINK(v);
else
SINK(v);
if (config.allowValue(v))
SINK(v);
else
SINK(v);
}
Reference in New Issue View Git Blame Copy Permalink