mozilla / scanjs

[DEPRECATED] Static analysis tool for javascript code.

[testing][false positive] - src rule #88

Closed pwnetrationguru closed 10 years ago

pwnetrationguru commented 10 years ago

src rule should not flag the following as dangerous since we care about assigning to src, not pulling from src:

var src = img.src

src rule should not flag the following as dangerous since we are assigning src from a static string:

var a = document.createElement("script");
a.src = "static string";
document.body.appendChild(a);

pauljt commented 10 years ago

This issue is really just a few issues in one. Firstly, we DO care about img.src, since img.src='javascript:foo' does actually execute script.

Secondly, the issue you are talking about here is support for taint tracking, which we already have a bug open for. So I'm adding .src to the rules spreadsheet for possible inclusion and closing this issue.
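
The distinction discussed in this thread, as an added example that is not ScanJS code: a syntactic check over hand-built ESTree-shaped nodes that skips reads of `.src`, skips assignments from a plain string literal, and still reports a literal `javascript:` URL as raised in the reply. The function names, the finding format and the `userInput` identifier are assumptions made for the illustration.

```javascript
// Added example: classify uses of `.src` in an ESTree-shaped AST.
// SAMPLE_AST is constructed by hand for this illustration; a real scanner
// would get the same node shapes from a parser such as acorn.
const id = (name) => ({ type: "Identifier", name });
const member = (obj, prop) => ({
  type: "MemberExpression", object: id(obj), property: id(prop), computed: false,
});
const assign = (left, right) => ({
  type: "ExpressionStatement",
  expression: { type: "AssignmentExpression", operator: "=", left, right },
});
const lit = (value) => ({ type: "Literal", value });

const SAMPLE_AST = {
  type: "Program",
  body: [
    // var src = img.src;  (read only, never an assignment target)
    { type: "VariableDeclaration", kind: "var", declarations: [
      { type: "VariableDeclarator", id: id("src"), init: member("img", "src") } ] },
    assign(member("a", "src"), lit("static string")),    // a.src = "static string";
    assign(member("a", "src"), id("userInput")),         // hypothetical non-literal value
    assign(member("img", "src"), lit("javascript:foo")), // img.src = 'javascript:foo';
  ],
};

function isSrcTarget(node) {
  return node.type === "MemberExpression" && !node.computed &&
    node.property.type === "Identifier" && node.property.name === "src";
}

// Returns one finding per assignment to `.src` whose right-hand side is not a
// plain string literal, or is a literal javascript: URL.
function findSrcAssignments(node, findings = []) {
  if (!node || typeof node !== "object") return findings;
  if (node.type === "AssignmentExpression" && isSrcTarget(node.left)) {
    const r = node.right;
    if (r.type !== "Literal" || typeof r.value !== "string") {
      findings.push({ target: node.left.object.name, reason: "non-literal" });
    } else if (/^\s*javascript:/i.test(r.value)) {
      findings.push({ target: node.left.object.name, reason: "javascript-url" });
    }
  }
  for (const key of Object.keys(node)) {
    const child = node[key];
    if (Array.isArray(child)) child.forEach((c) => findSrcAssignments(c, findings));
    else if (child && typeof child === "object") findSrcAssignments(child, findings);
  }
  return findings;
}
```

This check is purely syntactic: an identifier that only ever holds a constant is still reported as `non-literal`, which is the gap the taint tracking mentioned in the reply would close.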