SAP / project-foxhound

A web browser with dynamic data-flow tracking enabled in the JavaScript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
GNU General Public License v3.0

LocalStorage Taint Arguments not Provided #59

Closed tmbrbr closed 2 years ago

tmbrbr commented 2 years ago

The normal way to access localStorage objects is via getters and setters:

localStorage.setItem('myCat', 'Tom');

and

const cat = localStorage.getItem('myCat');

But as described here, it is also possible via properties and array-like access:

localStorage.colorSetting = '#a4509b';
localStorage['colorSetting'] = '#a4509b';
localStorage.setItem('colorSetting', '#a4509b');

In Foxhound, the correct function argument is not always reported when using the direct property access.

tmbrbr commented 2 years ago

Double checking, it appears that even the getters and setters are not providing the correct taint arguments.

tmbrbr commented 2 years ago

Added the storage key as a taint argument here: https://github.com/SAP/project-foxhound/commit/2b34d394ed8672fbc6433cf23cd6cab7cb65f18e
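
The access forms from the first comment, as an added illustration that is not part of the thread and is not Foxhound's code: a Proxy-based in-memory stand-in for Storage that reports the storage key for every read and write. `makeStorage`, `record` and `runAccessForms` are hypothetical names; the sketch shows that hooks on `getItem`/`setItem` alone see only some of the accesses.

```javascript
// Added illustration (not Foxhound code): in-memory stand-in for Storage.
// makeStorage, record and runAccessForms are hypothetical names.
function makeStorage(record) {
  const data = new Map();
  const api = {
    getItem(key) {
      key = String(key);
      record('getItem', key);
      return data.has(key) ? data.get(key) : null;
    },
    setItem(key, value) {
      key = String(key);
      record('setItem', key);
      data.set(key, String(value));
    },
  };
  return new Proxy(api, {
    // storage.name and storage['name'] reads land here
    get(target, prop) {
      if (typeof prop === 'symbol' || prop in target) return target[prop];
      record('named getter', prop);
      return data.get(prop);
    },
    // storage.name = v and storage['name'] = v writes land here
    set(target, prop, value) {
      if (typeof prop === 'symbol') return false;
      record('named setter', prop);
      data.set(prop, String(value));
      return true;
    },
  });
}

// Runs the access forms from the issue and returns what each hook saw.
function runAccessForms() {
  const events = [];
  const storage = makeStorage((op, key) => events.push({ op, key }));
  storage.colorSetting = '#a4509b';
  storage['colorSetting'] = '#a4509b';
  storage.setItem('colorSetting', '#a4509b');
  const viaProperty = storage.colorSetting;
  const viaMethod = storage.getItem('colorSetting');
  const methodHooksOnly = events.filter((e) => e.op.endsWith('Item'));
  return { events, methodHooksOnly, viaProperty, viaMethod };
}
```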