

Commit a195429

committed
JS: Add test with non-guard sanitizer
1 parent 83606e7 commit a195429

4 files changed

Lines changed: 19 additions & 1 deletion


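--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -73,7 +73,8 @@ typeInferenceMismatch
 | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x |
 | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x |
 | nested-props.js:77:36:77:43 | source() | nested-props.js:78:10:78:10 | x |
-| object-bypass-sanitizer.js:13:13:13:20 | source() | object-bypass-sanitizer.js:6:14:6:18 | x.foo |
+| object-bypass-sanitizer.js:23:13:23:20 | source() | object-bypass-sanitizer.js:12:14:12:18 | x.foo |
+| object-bypass-sanitizer.js:23:13:23:20 | source() | object-bypass-sanitizer.js:17:10:17:28 | sanitizer_id(x).foo |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value |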

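--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql
@@ -33,6 +33,10 @@ class BasicConfig extends TaintTracking::Configuration {
 node instanceof UntaintableNode
 }
 
+override predicate isSanitizer(DataFlow::Node node) {
+node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%")
+}
+
 override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
 node instanceof BasicSanitizerGuard
 }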
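Review bot: In the added `isSanitizer`, the `_` inside `matches("sanitizer_%")` is a single-character wildcard in QL's `matches`, so the pattern accepts any callee name that begins with `sanitizer` followed by at least one character, not only names with the literal `sanitizer_` prefix. That is harmless for the fixtures shown here, but escaping it as `matches("sanitizer\\_%")` makes the predicate say what it means and avoids a surprise if a differently named helper is added to the test directory later. A one-line comment such as `// Test convention: calls to functions named sanitizer_* act as (non-guard) sanitizers` would also tell readers this is a naming rule for the fixtures rather than a modelled library. The enclosing class `BasicConfig` starts and ends outside the hunk.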

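--- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
@@ -47,6 +47,9 @@
 | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) |
 | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x |
 | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x |
+| object-bypass-sanitizer.js:21:7:21:14 | source() | object-bypass-sanitizer.js:15:10:15:24 | sanitizer_id(x) |
+| object-bypass-sanitizer.js:23:13:23:20 | source() | object-bypass-sanitizer.js:16:10:16:28 | sanitizer_id(x.foo) |
+| object-bypass-sanitizer.js:23:13:23:20 | source() | object-bypass-sanitizer.js:17:10:17:28 | sanitizer_id(x).foo |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y |
 | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value |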

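--- a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js
+++ b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js
@@ -1,10 +1,20 @@
 import * as dummy from 'dummy';
 
+function sanitizer_id(x) {
+if (really_complicated_reason(x))
+return x;
+return null;
+}
+
 function f(x) {
 if (isSafe(x)) {
 sink(x);
 sink(x.foo); // NOT OK
 }
+
+sink(sanitizer_id(x)); // OK
+sink(sanitizer_id(x.foo)); // OK
+sink(sanitizer_id(x).foo); // NOT OK
 }
 
 function g() {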
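Review bot: The `// NOT OK` on `sink(sanitizer_id(x).foo)` gives no reason, so a reader cannot tell why wrapping `x` is fine for the first two sinks but not for the third. BasicTaintTracking.expected in this commit still reports the flow into `sanitizer_id(x).foo`, which suggests the case exists to show that sanitizing an object does not clear taint carried in one of its properties. A comment saying so would make the fixture self-explanatory, for example `// NOT OK - the sanitizer call covers the returned object, not the tainted property read from it`. The body of `g`, where the sources at lines 21 and 23 presumably sit, is outside the hunk.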
