Skip to content

JS: More precise type-test sanitizer guards in unsafe-html-construction#12177

Merged
erik-krogh merged 3 commits into
github:mainfrom
erik-krogh:alias-html
Feb 27, 2023
Merged

JS: More precise type-test sanitizer guards in unsafe-html-construction#12177
erik-krogh merged 3 commits into
github:mainfrom
erik-krogh:alias-html

Conversation

@erik-krogh
Copy link
Copy Markdown
Contributor

@erik-krogh erik-krogh commented Feb 13, 2023
edited
Loading

CVE-2021-32850: TP
CVE-2022-30241: TP
CVE-2021-32860: TP
CVE-2021-41183: TP

The TypeTestSanitizer was a bit aggresive, it removed a bunch of TPs.
This PR makes the modelling of objects more precise in the unsafe-html-construction query.

Evaluation was uneventful.

@github-actions github-actions Bot added the JS label Feb 13, 2023
@erik-krogh erik-krogh force-pushed the alias-html branch 2 times, most recently from 4bd36f4 to 8750a9b Compare February 14, 2023 15:44
github-advanced-security[bot]
github-advanced-security AI found potential problems Feb 14, 2023
View reviewed changes
Comment thread javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll Fixed
@erik-krogh erik-krogh changed the title JS: Add more alias steps JS: Add more alias steps to unsafe-html-construction Feb 14, 2023
@erik-krogh erik-krogh added the no-change-note-required This PR does not need a change note label Feb 14, 2023
@erik-krogh erik-krogh marked this pull request as ready for review February 14, 2023 22:30
@erik-krogh erik-krogh requested a review from a team as a code owner February 14, 2023 22:30
@erik-krogh erik-krogh marked this pull request as draft February 15, 2023 11:52
@erik-krogh erik-krogh changed the title JS: Add more alias steps to unsafe-html-construction JS: More precise type-test sanitizer guards in unsafe-html-construction Feb 15, 2023
@erik-krogh erik-krogh marked this pull request as ready for review February 15, 2023 20:41
@calumgrant calumgrant requested a review from alexrford February 20, 2023 09:38
alexrford
alexrford previously approved these changes Feb 22, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@alexrford alexrford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@erik-krogh erik-krogh requested a review from a team as a code owner February 27, 2023 08:16
@erik-krogh erik-krogh requested a review from alexrford February 27, 2023 08:16
@erik-krogh
Copy link
Copy Markdown
Contributor Author

erik-krogh commented Feb 27, 2023

Had to do a merge to fix a conflict in an expected file.
@alexrford can I get a re-approve?

@erik-krogh erik-krogh merged commit 50aa5e0 into github:main Feb 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@alexrford alexrford alexrford approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

JS no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@erik-krogh @alexrford @github-advanced-security