Commit e87790b
committed
Add ElectronShellOpenExternalSink class
Add ElectronShellOpenExternalSink class to detect untrusted input
interpreted by `openExternal` function call in `electron` module.
Based on the #14 Electron Security checklist:
https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content1 parent 7993a83 commit e87790b
File tree
1 file changed
+11
-0
lines changed- javascript/ql/src/semmle/javascript/security/dataflow
1 file changed
+11
-0
lines changedLines changed: 11 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
138 | 138 | | |
139 | 139 | | |
140 | 140 | | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
141 | 152 | | |
0 commit comments