Skip to content

JavaScript: Add library for HTML sanitizers #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
semmle-qlci merged 3 commits into from
Aug 13, 2018
Merged

JavaScript: Add library for HTML sanitizers #46

semmle-qlci merged 3 commits into from
Aug 13, 2018

Conversation

@asger-semmle
Copy link
Contributor

@asger-semmle asger-semmle commented Aug 10, 2018

Adds HtmlSanitizerCall, which models a call to a function whose purpose is to sanitize HTML.

CodeInjection has been updated to use the HtmlSanitizerCall class for additional taint steps. Unilke the previous version of this PR, no other queries are affected, since it cost more than expected.

I ran CodeInjection on default slugs to force evaluation of HtmlSanitizerCall. The performance results are noisy but after re-running the slowest bunch it looks okay.

@max you had some concerns about the name-based matching in the standard library. We could move that part back into CodeInjection if you prefer.

@asger-semmle asger-semmle requested a review from a team as a code owner August 10, 2018 10:38
xiemaisi
xiemaisi suggested changes Aug 10, 2018
View reviewed changes
Copy link

@xiemaisi xiemaisi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but perhaps could do with a change note. The name based matching is probably fine; it's no worse than what we do for sensitive expressions.

javascript/ql/src/semmle/javascript/HtmlSanitizers.qll
abstract DataFlow::Node getInput();
}

private class DefaultHtmlSanitizerCall extends HtmlSanitizerCall {
Copy link

@xiemaisi xiemaisi Aug 10, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May be worth adding a comment (even though it's private), explaining that this models popular npm packages as well as home-made sanitizers.

@asger-semmle
Copy link
Contributor Author

asger-semmle commented Aug 10, 2018

Addressed comments and rebased to avoid conflict in the change log.

xiemaisi
xiemaisi approved these changes Aug 10, 2018
View reviewed changes
Copy link

@xiemaisi xiemaisi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@xiemaisi xiemaisi added the JS label Aug 13, 2018
@semmle-qlci semmle-qlci merged commit c0fe0a1 into github:master Aug 13, 2018
aibaars pushed a commit that referenced this pull request Oct 14, 2021
@hvitved
Merge pull request #46 from github/hvitved/unique-parent
d5582f3 
Add `unique` wrapper to `AstNode::getParent()`
smowton pushed a commit to smowton/codeql that referenced this pull request Oct 28, 2021
@tamasvajk
Merge pull request github#46 from github/kotlin-sembuild
69449fe 
Change build to simplify sembuild integration
dbartol pushed a commit that referenced this pull request Dec 18, 2024
Merge pull request #46 from GitHubSecurityLab/ca-rw-sinks
4f0ec73 
Add models for composite actions and reusable workflows sinks
dbartol pushed a commit that referenced this pull request Dec 18, 2024
Merge pull request #46 from github/remove_scan_action
4e94c42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@xiemaisi xiemaisi xiemaisi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asger-semmle @xiemaisi @semmle-qlci