remove createHashHistory from the history sink

erik-krogh · erik-krogh · commit 5419143e726d · 2021-06-07T15:24:59.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -198,7 +198,7 @@ module ClientSideUrlRedirect {
     HistoryWriteUrlSink() {
       this =
         API::moduleImport("history")
-            .getMember(["createBrowserHistory", "createHashHistory"])
+            .getMember("createBrowserHistory")
             .getReturn()
             .getMember(["push", "replace"])
             .getACall()
diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst13.js b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst13.js
@@ -61,7 +61,7 @@ function bar() {
     history.push(payload); // NOT OK
 }
 function baz() {
-    const history = require('history').createHashHistory();
+    const history = require('history').createBrowserHistory();
     var payload = history.location.hash.substr(1);
 
     history.replace(payload); // NOT OK

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ function bar() {`
`61`	`61`	`history.push(payload); // NOT OK`
`62`	`62`	`}`
`63`	`63`	`function baz() {`
`64`		`- const history = require('history').createHashHistory();`
	`64`	`+ const history = require('history').createBrowserHistory();`
`65`	`65`	`var payload = history.location.hash.substr(1);`
`66`	`66`
`67`	`67`	`history.replace(payload); // NOT OK`