lib/semmle/javascript/security
test/query-tests/Security/CWE-601/ClientSideUrlRedirect Expand file tree Collapse file tree 2 files changed +4
-4
lines changed Original file line number Diff line number Diff line change @@ -108,7 +108,7 @@ module TaintedUrlSuffix {
108108 or
109109 // Assume calls to regexp.exec always extract query/fragment parameters.
110110 exists ( MethodCallNode call |
111- call = any ( RegExpLiteral re ) . flow ( ) . ( DataFlow:: SourceNode ) .getAMethodCall ( "exec" ) and
111+ call = any ( DataFlow:: RegExpCreationNode re ) .getAMethodCall ( "exec" ) and
112112 src = call .getArgument ( 0 ) and
113113 dst = call
114114 )
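Review bot: The comment above the `exec` step no longer says what the step covers. With `DataFlow::RegExpCreationNode` the receiver can be a regexp built by the `RegExp` constructor as well as a literal, so the pattern may not be statically known and the "always extract query/fragment parameters" assumption is applied without a pattern to inspect. I would state that in the comment, e.g. `// Assume exec() on any regexp value (literal or RegExp constructor) extracts query/fragment parameters; the pattern itself is not inspected.` Spelling out that this is a deliberate over-approximation helps whoever triages alerts from the redirect query. The enclosing predicate starts and ends outside the hunk, so other steps may already document this.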
Original file line number Diff line number Diff line change @@ -6,15 +6,15 @@ window.location = /.*redirect=([^&]*).*/.exec(document.location.href)[1];
66 window . location = indirect . exec ( document . location . href ) [ 1 ] ;
77} ) ;
88
9- // NOT OK [INCONSISTENCY]
9+ // NOT OK
1010window . location = new RegExp ( '.*redirect=([^&]*).*' ) . exec ( document . location . href ) [ 1 ] ;
1111
1212( function ( ) {
1313 var indirect = new RegExp ( '.*redirect=([^&]*).*' )
1414 window . location = indirect . exec ( document . location . href ) [ 1 ] ;
1515} ) ;
1616
17- // NOT OK [INCONSISTENCY]
17+ // NOT OK
1818window . location = new RegExp ( / .* r e d i r e c t = ( [ ^ & ] * ) .* / ) . exec ( document . location . href ) [ 1 ] ;
1919
2020( function ( ) {
@@ -23,7 +23,7 @@ window.location = new RegExp(/.*redirect=([^&]*).*/).exec(document.location.href
2323} ) ;
2424
2525function foo ( win ) {
26- win . location . assign ( new RegExp ( / .* r e d i r e c t = ( [ ^ & ] * ) .* / ) . exec ( win . location . href ) [ 1 ] ) ; // NOT OK [INCONSISTENCY]
26+ win . location . assign ( new RegExp ( / .* r e d i r e c t = ( [ ^ & ] * ) .* / ) . exec ( win . location . href ) [ 1 ] ) ; // NOT OK
2727}
2828
2929foo ( window ) ;
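Review bot: The `indirect` variants at new lines 6 and 14 carry no `// OK` / `// NOT OK` annotation, so even with the `[INCONSISTENCY]` markers removed a reader cannot tell from the test source whether those flows are expected to be reported. If the expected output flags them, add `// NOT OK` after `window.location = indirect.exec(document.location.href)[1];` in both places. A case that calls `RegExp('.*redirect=([^&]*).*')` without `new` would also pin the constructor modelling, assuming the library treats both invocation forms alike.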