Skip to content

JS: Add support for escape #19027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Napalys merged 6 commits into from
Mar 17, 2025
Merged

JS: Add support for escape #19027

Napalys merged 6 commits into from
Mar 17, 2025

Conversation

@Napalys
Copy link
Contributor

@Napalys Napalys commented Mar 14, 2025
edited
Loading

Included escape and unescape functions as additional flow steps.

@github-actions github-actions bot added the JS label Mar 14, 2025
@Napalys Napalys marked this pull request as ready for review March 14, 2025 13:32
Copilot AI review requested due to automatic review settings March 14, 2025 13:32
@Napalys Napalys requested a review from a team as a code owner March 14, 2025 13:32
Copilot AI reviewed Mar 14, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for handling the escape and unescape functions in test cases for tainted paths.

  • Added test cases in TaintedPath.js to validate flows involving escape() and unescape()
  • Updated change notes to document the new flow steps

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File Description
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js Added test cases using escape() and unescape() to trigger security alerts
javascript/ql/lib/change-notes/2025-03-14-escape.md Documented the support added for escape() and unescape() flows
Files not reviewed (2)
  • javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll: Language not supported
  • javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected: Language not supported

Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more

@asgerf
Copy link
Contributor

asgerf commented Mar 14, 2025

Could you also add escape as a StringManipulationTaintStep like unescape, and then add it as a sanitizer for XSS?

You can look at UriEncodingSanitizer in Xss.qll as an example of how to add sanitisers to all the XSS queries.

@Napalys @asgerf
Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedP…
478e32c 
…athCustomizations.qll

Co-authored-by: Asger F <asgerf@github.com>
@Napalys Napalys requested a review from asgerf March 17, 2025 09:31
@Napalys Napalys merged commit 749a056 into github:main Mar 17, 2025
13 checks passed
@Napalys Napalys mentioned this pull request Mar 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@asgerf asgerf asgerf approved these changes

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Napalys @asgerf