Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d80cd1a

Browse files
author
Stephan Brandauer
committed
CWE 830 test where both branches in a ternary are unsafe
1 parent 2934aa1 commit d80cd1a

3 files changed

Lines changed: 13 additions & 5 deletions

File tree

javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -69,16 +69,17 @@ module StaticCreation {
6969
}
7070

7171
override string getProblem() {
72-
result =
73-
"Script loaded from content delivery network with no integrity check."
72+
result = "Script loaded from content delivery network with no integrity check."
7473
}
7574
}
7675

7776
/** An iframe element that includes untrusted content. */
7877
class IframeElementWithUntrustedContent extends AddsUntrustedUrl instanceof HTML::IframeElement {
7978
IframeElementWithUntrustedContent() { isUntrustedSourceUrl(super.getSourcePath()) }
8079

81-
override string getProblem() { result = "HTML iframe element loaded using unencrypted connection." }
80+
override string getProblem() {
81+
result = "HTML iframe element loaded using unencrypted connection."
82+
}
8283
}
8384
}
8485

javascript/ql/test/query-tests/Security/CWE-830/DynamicCreationOfUntrustedSourceUse.html

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,11 @@
1313
scrpt2.src = 'http://www.cdn.local/ga.js';
1414
scrpt2.integrity = 'sha256-h0UuK3mE9taiYlB5u9vT9A0s/XDgkfVd+F4VhN/sky=';
1515

16+
// NOT OK (http + ternary)
17+
var scrpt3 = document.createElement('script');
18+
scrpt3.type = 'text/javascript';
19+
scrpt3.src = ('https:' == document.location.protocol ? 'http://unsafe' : 'http://also-unsafe') + '.cdn.local/ga.js';
20+
1621
// NOT OK (http URL)
1722
var ifrm = document.createElement('iframe');
1823
ifrm.src = 'http://www.example.com/';
@@ -27,6 +32,7 @@
2732
}
2833
var ifrm3 = document.createElement('iframe');
2934
ifrm3.src = getUrl('v123');
35+
3036
})();
3137
</script>
3238
</head>

javascript/ql/test/query-tests/Security/CWE-830/FunctionalityFromUntrustedSource.expected

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
1-
| DynamicCreationOfUntrustedSourceUse.html:18:26:18:50 | 'http:/ ... e.com/' | HTML iframe element loaded using unencrypted connection. |
2-
| DynamicCreationOfUntrustedSourceUse.html:29:27:29:40 | getUrl('v123') | HTML iframe element loaded using unencrypted connection. |
1+
| DynamicCreationOfUntrustedSourceUse.html:19:28:19:129 | ('https ... /ga.js' | HTML script element loaded using unencrypted connection. |
2+
| DynamicCreationOfUntrustedSourceUse.html:23:26:23:50 | 'http:/ ... e.com/' | HTML iframe element loaded using unencrypted connection. |
3+
| DynamicCreationOfUntrustedSourceUse.html:34:27:34:40 | getUrl('v123') | HTML iframe element loaded using unencrypted connection. |
34
| StaticCreationOfUntrustedSourceUse.html:6:9:6:56 | <script>...</> | HTML script element loaded using unencrypted connection. |
45
| StaticCreationOfUntrustedSourceUse.html:9:9:9:58 | <iframe>...</> | HTML iframe element loaded using unencrypted connection. |
56
| StaticCreationOfUntrustedSourceUse.html:21:9:21:155 | <script>...</> | Script loaded from content delivery network with no integrity check. |

0 commit comments

Comments
 (0)