YaK:: WebLog #535 Topic : 2007-02-01 02.13.01 matt : more bug finding with google code search

more bug finding with google code search

Some JavaScript-oriented regexps to help find cross-site scripting bugs.


We had an XSS bug we found as part of our developer testing. As part of fixing it, Aaron Peckham and I came up with a regexp to see if there were any other places we needed to fix. We came up with these two (the latter only works in perl, not in IntelliJ):

\.innerHTML\s+=\s+[^'"]
!/escapeHTML|strip|toHTML/

When combined (impossible to do in Google Code Search as of 1/31), they give pretty good results for places to start looking for XSS bugs. Another fun one for Java and JavaScript I came up with based upon a FindBugs true-positive I ran into a few months ago:

indexOf.*\)\s+>\s+0

It's a common bug to check for >0 instead of >=0 on the result of indexOf: indexOf returns -1 when there is no match, so >0 silently treats a match at position 0 as "not found". About 10% of the time, it's intentional. Usually, it's not. This isn't exploitable (AFAIK), but it's still a cause of functional bugs that should be fixed.

Google Code Search *still* doesn't support multi-line matching or lookahead/lookbehind, which is really necessary for the bug-finding capabilities to be taken to the next step. Of course, on your own private code you can just make a perl script and do something like:

find . -name "*.js" | xargs perl checkcode.pl
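As an added example (not code from the post or its authors), here is a checkcode.py that does what the post describes for a private tree: it applies the two innerHTML regexps together, which Google Code Search could not do at the time, and the indexOf check, over each file given on the command line, so it can be driven by the same find/xargs pipeline with `python checkcode.py` in place of `perl checkcode.pl`. The JavaScript snippet it scans is constructed for the example, and the function names (scan, etc.) are this example's own.

```python
"""checkcode.py: line-oriented scanner for the two patterns in the post.

Usage:  find . -name "*.js" | xargs python checkcode.py
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample input (not from any real code base): one unescaped
# innerHTML assignment, one escaped, one string literal, one "> 0" indexOf
# bug and one correct ">= 0" comparison.
SAMPLE_JS = """\
function showName(user) {
  // unescaped: user-controlled data goes straight into the DOM
  el.innerHTML = user.name;
}
function showSafe(user) {
  // passes through an escaping helper first
  el.innerHTML = escapeHTML(user.name);
}
function showLiteral() {
  el.innerHTML = "<b>static</b>";
}
function hasAdmin(roles) {
  // bug: a match at position 0 is treated as "not found"
  return roles.indexOf("admin") > 0;
}
function hasGuest(roles) {
  return roles.indexOf("guest") >= 0;
}
"""

# The post's first regexp, verbatim: an innerHTML assignment whose right-hand
# side does not begin with a string literal.
INNER_HTML = re.compile(r'\.innerHTML\s+=\s+[^\'"]')
# The post's second regexp is a Perl negation, !/escapeHTML|strip|toHTML/;
# here it is the positive pattern and the negation is applied in code.
ESCAPED = re.compile(r'escapeHTML|strip|toHTML')
# The post's third regexp, verbatim: indexOf(...) > 0 instead of >= 0.
INDEXOF_GT0 = re.compile(r'indexOf.*\)\s+>\s+0')

Finding = Tuple[int, str]  # (1-based line number, stripped source line)


def scan(source: str) -> Dict[str, List[Finding]]:
    """Run both checks over one file's text and return the hits by category."""
    xss: List[Finding] = []
    indexof: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), 1):
        # innerHTML candidate AND no escaping helper on the same line: the
        # combination Google Code Search could not express in one query.
        if INNER_HTML.search(line) and not ESCAPED.search(line):
            xss.append((lineno, line.strip()))
        # Functional bug, not an XSS: a match at index 0 is dropped.
        if INDEXOF_GT0.search(line):
            indexof.append((lineno, line.strip()))
    return {"xss": xss, "indexof_gt0": indexof}


def report(path: str, source: str) -> List[str]:
    """Format findings as grep-style 'path:line: kind: text' strings."""
    out = []
    for kind, hits in scan(source).items():
        for lineno, text in hits:
            out.append(f"{path}:{lineno}: {kind}: {text}")
    return out


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:  # no files given: demonstrate on the constructed sample
        print("\n".join(report("sample.js", SAMPLE_JS)))
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            print("\n".join(report(p, fh.read())))
```

Because the escaping check is a separate match on the same line, a line that escapes on the line before and assigns on the next would still be flagged; that is the multi-line limitation the post mentions, and a reviewer triages those hits by hand.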

If anyone has improvements upon these regexps or the previous ones, please let me know and I'll post an update!

(unless otherwise marked) Copyright 2002-2014 YakPeople. All rights reserved.
(last modified 2007-02-01)