File tree Expand file tree Collapse file tree 3 files changed +4
-4
lines changed
src/queries/Security/CWE-094
test/query-tests/Security/CWE-094 Expand file tree Collapse file tree 3 files changed +4
-4
lines changed Original file line number Diff line number Diff line change @@ -3,4 +3,4 @@ let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.jso
33
44...
55
6- _ = try await webview. evaluateJavaScript ( " alert (" + remoteData + " ) " ) // BAD
6+ _ = try await webview. evaluateJavaScript ( " console.log (" + remoteData + " ) " ) // BAD
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.jso
44...
55
66_ = try await webview. callAsyncJavaScript (
7- " alert(JSON.parse (data) )" ,
7+ " console.log (data)" ,
88 arguments: [ " data " : remoteData] , // GOOD
99 contentWorld: . page
1010)
Original file line number Diff line number Diff line change @@ -317,10 +317,10 @@ func testQHelpExamples() {
317317 let webview = WKWebView ( )
318318 let remoteData = try String ( contentsOf: URL ( string: " http://example.com/evil.json " ) !)
319319
320- _ = try await webview. evaluateJavaScript ( " alert (" + remoteData + " ) " ) // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
320+ _ = try await webview. evaluateJavaScript ( " console.log (" + remoteData + " ) " ) // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
321321
322322 _ = try await webview. callAsyncJavaScript (
323- " alert(JSON.parse (data) )" ,
323+ " console.log (data)" ,
324324 arguments: [ " data " : remoteData] , // GOOD
325325 contentWorld: . page
326326 )
You can’t perform that action at this time.
0 commit comments