
Commit 6bc821b

committed
add tests for dominating writes
1 parent 2b2d691 commit 6bc821b


3 files changed

+122
-1
lines changed


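--- a/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
@@ -429,6 +429,30 @@ nodes
 | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:380:18:380:23 | target |
 | tst.js:380:18:380:23 | target |
+| tst.js:387:7:387:39 | target |
+| tst.js:387:16:387:32 | document.location |
+| tst.js:387:16:387:32 | document.location |
+| tst.js:387:16:387:39 | documen ... .search |
+| tst.js:390:18:390:23 | target |
+| tst.js:390:18:390:23 | target |
+| tst.js:392:18:392:23 | target |
+| tst.js:392:18:392:29 | target.taint |
+| tst.js:392:18:392:29 | target.taint |
+| tst.js:397:19:397:35 | document.location |
+| tst.js:397:19:397:35 | document.location |
+| tst.js:397:19:397:42 | documen ... .search |
+| tst.js:398:18:398:30 | target.taint3 |
+| tst.js:398:18:398:30 | target.taint3 |
+| tst.js:403:18:403:23 | target |
+| tst.js:403:18:403:30 | target.taint5 |
+| tst.js:403:18:403:30 | target.taint5 |
+| tst.js:412:18:412:23 | target |
+| tst.js:412:18:412:30 | target.taint7 |
+| tst.js:412:18:412:30 | target.taint7 |
+| tst.js:414:19:414:24 | target |
+| tst.js:414:19:414:31 | target.taint8 |
+| tst.js:415:18:415:30 | target.taint8 |
+| tst.js:415:18:415:30 | target.taint8 |
 | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:38 | document.location |
 | typeahead.js:20:22:20:38 | document.location |
@@ -835,6 +859,29 @@ edges
 | tst.js:377:16:377:32 | document.location | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:377:16:377:32 | document.location | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:377:16:377:39 | documen ... .search | tst.js:377:7:377:39 | target |
+| tst.js:387:7:387:39 | target | tst.js:390:18:390:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:390:18:390:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:392:18:392:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:403:18:403:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:412:18:412:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:414:19:414:24 | target |
+| tst.js:387:16:387:32 | document.location | tst.js:387:16:387:39 | documen ... .search |
+| tst.js:387:16:387:32 | document.location | tst.js:387:16:387:39 | documen ... .search |
+| tst.js:387:16:387:39 | documen ... .search | tst.js:387:7:387:39 | target |
+| tst.js:392:18:392:23 | target | tst.js:392:18:392:29 | target.taint |
+| tst.js:392:18:392:23 | target | tst.js:392:18:392:29 | target.taint |
+| tst.js:397:19:397:35 | document.location | tst.js:397:19:397:42 | documen ... .search |
+| tst.js:397:19:397:35 | document.location | tst.js:397:19:397:42 | documen ... .search |
+| tst.js:397:19:397:42 | documen ... .search | tst.js:398:18:398:30 | target.taint3 |
+| tst.js:397:19:397:42 | documen ... .search | tst.js:398:18:398:30 | target.taint3 |
+| tst.js:403:18:403:23 | target | tst.js:403:18:403:30 | target.taint5 |
+| tst.js:403:18:403:23 | target | tst.js:403:18:403:30 | target.taint5 |
+| tst.js:412:18:412:23 | target | tst.js:412:18:412:30 | target.taint7 |
+| tst.js:412:18:412:23 | target | tst.js:412:18:412:30 | target.taint7 |
+| tst.js:414:19:414:24 | target | tst.js:414:19:414:31 | target.taint8 |
+| tst.js:414:19:414:31 | target.taint8 | tst.js:414:19:414:31 | target.taint8 |
+| tst.js:414:19:414:31 | target.taint8 | tst.js:415:18:415:30 | target.taint8 |
+| tst.js:414:19:414:31 | target.taint8 | tst.js:415:18:415:30 | target.taint8 |
 | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
@@ -956,6 +1003,12 @@ edges
 | tst.js:366:21:366:26 | target | tst.js:361:19:361:35 | document.location | tst.js:366:21:366:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:361:19:361:35 | document.location | user-provided value |
 | tst.js:369:18:369:23 | target | tst.js:361:19:361:35 | document.location | tst.js:369:18:369:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:361:19:361:35 | document.location | user-provided value |
 | tst.js:380:18:380:23 | target | tst.js:377:16:377:32 | document.location | tst.js:380:18:380:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:377:16:377:32 | document.location | user-provided value |
+| tst.js:390:18:390:23 | target | tst.js:387:16:387:32 | document.location | tst.js:390:18:390:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:387:16:387:32 | document.location | user-provided value |
+| tst.js:392:18:392:29 | target.taint | tst.js:387:16:387:32 | document.location | tst.js:392:18:392:29 | target.taint | Cross-site scripting vulnerability due to $@. | tst.js:387:16:387:32 | document.location | user-provided value |
+| tst.js:398:18:398:30 | target.taint3 | tst.js:397:19:397:35 | document.location | tst.js:398:18:398:30 | target.taint3 | Cross-site scripting vulnerability due to $@. | tst.js:397:19:397:35 | document.location | user-provided value |
+| tst.js:403:18:403:30 | target.taint5 | tst.js:387:16:387:32 | document.location | tst.js:403:18:403:30 | target.taint5 | Cross-site scripting vulnerability due to $@. | tst.js:387:16:387:32 | document.location | user-provided value |
+| tst.js:412:18:412:30 | target.taint7 | tst.js:387:16:387:32 | document.location | tst.js:412:18:412:30 | target.taint7 | Cross-site scripting vulnerability due to $@. | tst.js:387:16:387:32 | document.location | user-provided value |
+| tst.js:415:18:415:30 | target.taint8 | tst.js:387:16:387:32 | document.location | tst.js:415:18:415:30 | target.taint8 | Cross-site scripting vulnerability due to $@. | tst.js:387:16:387:32 | document.location | user-provided value |
 | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:38 | document.location | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:38 | document.location | user-provided value |
 | v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
 | winjs.js:3:43:3:49 | tainted | winjs.js:2:17:2:33 | document.location | winjs.js:3:43:3:49 | tainted | Cross-site scripting vulnerability due to $@. | winjs.js:2:17:2:33 | document.location | user-provided value |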

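--- a/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
@@ -429,6 +429,23 @@ nodes
 | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:380:18:380:23 | target |
 | tst.js:380:18:380:23 | target |
+| tst.js:387:7:387:39 | target |
+| tst.js:387:16:387:32 | document.location |
+| tst.js:387:16:387:32 | document.location |
+| tst.js:387:16:387:39 | documen ... .search |
+| tst.js:390:18:390:23 | target |
+| tst.js:390:18:390:23 | target |
+| tst.js:392:18:392:23 | target |
+| tst.js:392:18:392:29 | target.taint |
+| tst.js:392:18:392:29 | target.taint |
+| tst.js:397:19:397:35 | document.location |
+| tst.js:397:19:397:35 | document.location |
+| tst.js:397:19:397:42 | documen ... .search |
+| tst.js:398:18:398:30 | target.taint3 |
+| tst.js:398:18:398:30 | target.taint3 |
+| tst.js:403:18:403:23 | target |
+| tst.js:403:18:403:30 | target.taint5 |
+| tst.js:403:18:403:30 | target.taint5 |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:10:16:10:18 | loc |
@@ -839,6 +856,21 @@ edges
 | tst.js:377:16:377:32 | document.location | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:377:16:377:32 | document.location | tst.js:377:16:377:39 | documen ... .search |
 | tst.js:377:16:377:39 | documen ... .search | tst.js:377:7:377:39 | target |
+| tst.js:387:7:387:39 | target | tst.js:390:18:390:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:390:18:390:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:392:18:392:23 | target |
+| tst.js:387:7:387:39 | target | tst.js:403:18:403:23 | target |
+| tst.js:387:16:387:32 | document.location | tst.js:387:16:387:39 | documen ... .search |
+| tst.js:387:16:387:32 | document.location | tst.js:387:16:387:39 | documen ... .search |
+| tst.js:387:16:387:39 | documen ... .search | tst.js:387:7:387:39 | target |
+| tst.js:392:18:392:23 | target | tst.js:392:18:392:29 | target.taint |
+| tst.js:392:18:392:23 | target | tst.js:392:18:392:29 | target.taint |
+| tst.js:397:19:397:35 | document.location | tst.js:397:19:397:42 | documen ... .search |
+| tst.js:397:19:397:35 | document.location | tst.js:397:19:397:42 | documen ... .search |
+| tst.js:397:19:397:42 | documen ... .search | tst.js:398:18:398:30 | target.taint3 |
+| tst.js:397:19:397:42 | documen ... .search | tst.js:398:18:398:30 | target.taint3 |
+| tst.js:403:18:403:23 | target | tst.js:403:18:403:30 | target.taint5 |
+| tst.js:403:18:403:23 | target | tst.js:403:18:403:30 | target.taint5 |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |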

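--- a/javascript/ql/test/query-tests/Security/CWE-079/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/tst.js
@@ -381,4 +381,40 @@ function test() {
 
 // OK
 $('myid').html(document.location.href.split("?")[0]);
-}
+}
+
+function test() {
+var target = document.location.search
+
+
+$('myId').html(target); // NOT OK
+
+$('myId').html(target.taint); // NOT OK
+
+target.taint2 = 2;
+$('myId').html(target.taint2); // OK
+
+target.taint3 = document.location.search;
+$('myId').html(target.taint3); // NOT OK
+
+target.sub.taint4 = 2
+$('myId').html(target.sub.taint4); // OK
+
+$('myId').html(target.taint5); // NOT OK
+target.taint5 = "safe";
+
+target.taint6 = 2;
+if (random()) {return;}
+$('myId').html(target.taint6); // OK
+
+
+if (random()) {target.taint7 = "safe";}
+$('myId').html(target.taint7); // NOT OK
+
+target.taint8 = target.taint8;
+$('myId').html(target.taint8); // NOT OK
+
+target.taint9 = (target.taint9 = "safe");
+$('myId').html(target.taint9); // OK
+}
+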
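Review bot: The two baselines in this commit disagree about the last cases of the added `test()`: new lines 412 and 415 (`target.taint7`, `target.taint8`) are marked `// NOT OK` and show up as alerts in Xss.expected, but XssWithAdditionalSources.expected gains no nodes or edges past line 403. If that query is expected to report at least what Xss reports on tst.js, its baseline looks stale against this version of the file and should be regenerated, otherwise the test will lock in a missed XSS flow for the conditional-write and self-assignment cases. Each group would also benefit from a short comment stating the rule under test, for example `// a write only clears taint when it dominates the read` above the `taint6`/`taint7` pair. The added function reuses the name `test` that the hunk header shows for the function closing at line 384 (its start is outside the hunk); a distinct name such as `function testDominatingWrites() {` avoids one declaration replacing the other if both sit in the same scope.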
