case insensitive authorization header

erik-krogh · erik-krogh · commit 7c26efbc129b · 2020-06-03T15:23:51.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll
@@ -263,13 +263,13 @@ module ClientRequest {
   /** An expression that is used as a credential in a request. */
   private class AuthorizationHeader extends CredentialsExpr {
     AuthorizationHeader() {
-      exists(DataFlow::PropWrite write | write.getPropertyName() = "Authorization" |
+      exists(DataFlow::PropWrite write | write.getPropertyName().regexpMatch("(?i)authorization") |
         this = write.getRhs().asExpr()
       )
       or
       exists(DataFlow::MethodCallNode call | call.getMethodName() = ["append", "set"] |
         call.getNumArgument() = 2 and
-        call.getArgument(0).mayHaveStringValue("Authorization") and
+        call.getArgument(0).getStringValue().regexpMatch("(?i)authorization") and
         this = call.getArgument(1).asExpr()
       )
     }

Original file line number	Diff line number	Diff line change
`@@ -263,13 +263,13 @@ module ClientRequest {`
`263`	`263`	`/** An expression that is used as a credential in a request. */`
`264`	`264`	`private class AuthorizationHeader extends CredentialsExpr {`
`265`	`265`	`AuthorizationHeader() {`
`266`		`- exists(DataFlow::PropWrite write \| write.getPropertyName() = "Authorization" \|`
	`266`	`+ exists(DataFlow::PropWrite write \| write.getPropertyName().regexpMatch("(?i)authorization") \|`
`267`	`267`	`this = write.getRhs().asExpr()`
`268`	`268`	`)`
`269`	`269`	`or`
`270`	`270`	`exists(DataFlow::MethodCallNode call \| call.getMethodName() = ["append", "set"] \|`
`271`	`271`	`call.getNumArgument() = 2 and`
`272`		`- call.getArgument(0).mayHaveStringValue("Authorization") and`
	`272`	`+ call.getArgument(0).getStringValue().regexpMatch("(?i)authorization") and`
`273`	`273`	`this = call.getArgument(1).asExpr()`
`274`	`274`	`)`
`275`	`275`	`}`