

Commit 897bb4d

committed
add test for chrome-remote-interface
1 parent 1ab5ca4 commit 897bb4d

2 files changed

Lines changed: 33 additions & 0 deletions


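--- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -37,6 +37,16 @@ nodes
 | tst.js:45:13:45:56 | 'http:/ ... tainted |
 | tst.js:45:13:45:56 | 'http:/ ... tainted |
 | tst.js:45:50:45:56 | tainted |
+| tst.js:58:9:58:52 | tainted |
+| tst.js:58:19:58:42 | url.par ... , true) |
+| tst.js:58:19:58:48 | url.par ... ).query |
+| tst.js:58:19:58:52 | url.par ... ery.url |
+| tst.js:58:29:58:35 | req.url |
+| tst.js:58:29:58:35 | req.url |
+| tst.js:61:29:61:35 | tainted |
+| tst.js:61:29:61:35 | tainted |
+| tst.js:64:30:64:36 | tainted |
+| tst.js:64:30:64:36 | tainted |
 edges
 | tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
 | tst.js:14:9:14:52 | tainted | tst.js:18:13:18:19 | tainted |
@@ -75,6 +85,15 @@ edges
 | tst.js:43:46:43:52 | tainted | tst.js:43:13:43:54 | `http:/ ... inted}` |
 | tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
 | tst.js:45:50:45:56 | tainted | tst.js:45:13:45:56 | 'http:/ ... tainted |
+| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
+| tst.js:58:9:58:52 | tainted | tst.js:61:29:61:35 | tainted |
+| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
+| tst.js:58:9:58:52 | tainted | tst.js:64:30:64:36 | tainted |
+| tst.js:58:19:58:42 | url.par ... , true) | tst.js:58:19:58:48 | url.par ... ).query |
+| tst.js:58:19:58:48 | url.par ... ).query | tst.js:58:19:58:52 | url.par ... ery.url |
+| tst.js:58:19:58:52 | url.par ... ery.url | tst.js:58:9:58:52 | tainted |
+| tst.js:58:29:58:35 | req.url | tst.js:58:19:58:42 | url.par ... , true) |
+| tst.js:58:29:58:35 | req.url | tst.js:58:19:58:42 | url.par ... , true) |
 #select
 | tst.js:18:5:18:20 | request(tainted) | tst.js:14:29:14:35 | req.url | tst.js:18:13:18:19 | tainted | The $@ of this request depends on $@. | tst.js:18:13:18:19 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
 | tst.js:20:5:20:24 | request.get(tainted) | tst.js:14:29:14:35 | req.url | tst.js:20:17:20:23 | tainted | The $@ of this request depends on $@. | tst.js:20:17:20:23 | tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
@@ -88,3 +107,5 @@ edges
 | tst.js:41:5:41:52 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:41:13:41:51 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:41:13:41:51 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
 | tst.js:43:5:43:55 | request ... nted}`) | tst.js:14:29:14:35 | req.url | tst.js:43:13:43:54 | `http:/ ... inted}` | The $@ of this request depends on $@. | tst.js:43:13:43:54 | `http:/ ... inted}` | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
 | tst.js:45:5:45:57 | request ... ainted) | tst.js:14:29:14:35 | req.url | tst.js:45:13:45:56 | 'http:/ ... tainted | The $@ of this request depends on $@. | tst.js:45:13:45:56 | 'http:/ ... tainted | URL | tst.js:14:29:14:35 | req.url | a user-provided value |
+| tst.js:61:2:61:37 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:61:29:61:35 | tainted | The $@ of this request depends on $@. | tst.js:61:29:61:35 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |
+| tst.js:64:3:64:38 | client. ... inted}) | tst.js:58:29:58:35 | req.url | tst.js:64:30:64:36 | tainted | The $@ of this request depends on $@. | tst.js:64:30:64:36 | tainted | URL | tst.js:58:29:58:35 | req.url | a user-provided value |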

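--- a/javascript/ql/test/query-tests/Security/CWE-918/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-918/tst.js
@@ -52,3 +52,15 @@ var server = http.createServer(function(req, res) {
 
 request(`${base}${tainted}`); // OK - assumed safe
 })
+
+var CDP = require("chrome-remote-interface");
+var server = http.createServer(async function(req, res) {
+var tainted = url.parse(req.url, true).query.url;
+
+var client = await CDP(options);
+client.Page.navigate({url: tainted}); // NOT OK.
+
+CDP(options, (client) => {
+client.Page.navigate({url: tainted}); // NOT OK.
+});
+})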
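Review bot: The new chrome-remote-interface handler only covers the positive path — both `client.Page.navigate({url: tainted})` calls are expected alerts — while the `request()` handler above it also carries a negative case (`request(\`${base}${tainted}\`); // OK - assumed safe` at line 53), so a regression in how the sink treats a trusted-prefix URL would not be caught for the new sink. Adding the parallel line `client.Page.navigate({url: \`${base}${tainted}\`}); // OK - assumed safe` after the first `await CDP(options)` call would make the two sink families consistent. The leading `})` in the hunk closes the earlier handler, whose body lies outside this hunk; the new handler (lines 57–66) is complete within it. `options` is never declared in the visible lines — presumably fine for a fixture that is analyzed rather than executed, but a one-word `var options;` near the `require` would keep the file self-contained.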
