
Commit 3ccdc2c

committed
Update ElectronShellOpenExternalSink location
Move the class ElectronShellOpenExternalSink to ClientSideUrlRedirect.qll. It's been deemed to be a more appropriate location.
1 parent e87790b commit 3ccdc2c


2 files changed

+12
-12
lines changed


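--- a/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll
@@ -60,4 +60,15 @@ module ClientSideUrlRedirect {
 guard instanceof HostnameSanitizerGuard
 }
 }
+
+/**
+* Improper use of openExternal can be leveraged to compromise the user's host.
+* When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.
+*/
+class ElectronShellOpenExternalSink extends Sink {
+ElectronShellOpenExternalSink() {
+this =
+DataFlow::moduleMember("electron", "shell").getAMemberCall("openExternal").getArgument(0)
+}
+}
 }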
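Review bot: The doc comment on `ElectronShellOpenExternalSink` was carried over unchanged and still frames the risk as arbitrary command execution, while the class now extends the `Sink` of `ClientSideUrlRedirect` and will presumably be reported by the URL-redirect query instead of the code-injection one. I would reword it to say why it belongs here, for example `* A URL passed to Electron's shell.openExternal, which hands it to the operating system's default handler for the URL's scheme.` The `HostnameSanitizerGuard` line at the top of the hunk suggests this module treats host-name checks as sanitizing; for this sink the scheme matters as much as the host, so it is worth confirming (the configuration is outside the hunk) that such a guard does not suppress results where only the host is validated. The commit changes only the two .qll files, so any query tests that expect this sink under code injection would need their expected output updated as well.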

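--- a/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
@@ -138,15 +138,4 @@ module CodeInjection {
 API::moduleImport("module").getInstance().getMember("_compile").getACall().getArgument(0)
 }
 }
-
-/**
-* Improper use of openExternal can be leveraged to compromise the user's host.
-* When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.
-*/
-class ElectronShellOpenExternalSink extends Sink {
-ElectronShellOpenExternalSink() {
-this =
-DataFlow::moduleMember("electron", "shell").getAMemberCall("openExternal").getArgument(0)
-}
-}
-}
+}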
