Skip to content

Commit

Permalink
chromium-insecure-gurl: fix gurl detection
Browse files Browse the repository at this point in the history
  • Loading branch information
thypon committed Jul 17, 2023
1 parent 870282d commit 39c48ca
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 8 deletions.
17 changes: 11 additions & 6 deletions assets/semgrep_rules/c/chromium-insecure-gurl.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,18 +7,23 @@ rules:
thypon
fmarier
pattern-either:
- pattern: GURL $VAR = ...;
- pattern: KURL $VAR = ...;
- pattern: $VAR.DeprecatedGetOriginAsURL();
- patterns:
- pattern: $TYPE $VAR = ...;
- metavariable-regex:
metavariable: $VAR
regex: origin
- metavariable-regex:
metavariable: $TYPE
regex: ^(G|K)URL$
- pattern: ((GURL)$VAR).DeprecatedGetOriginAsURL();
- pattern: SecurityOrigin::Create((KURL $VAR));
- pattern: SecurityOrigin::Create((GURL $VAR));
message: >
Use origin (rather than URL) for security decisions.

message: |
Use origin (rather than URL) for security decisions.
URLs are often not sufficient for security decisions, since the origin may not be present in the URL (e.g., about:blank), may be tricky to parse (e.g., blob: or filesystem: URLs), or may be opaque despite a normal-looking URL (e.g., the security context may be sandboxed). Use origins whenever possible.
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/security/origin-vs-url.md
languages:
- cpp
Expand Down
4 changes: 2 additions & 2 deletions t3sts/semgrep_rules/insecure-gurl.cpp
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
int main() {
// chromium-insecure-gurl
// ok: chromium-insecure-gurl
GURL url = ...;
// chromium-insecure-gurl
GURL origin = url.DeprecatedGetOriginAsURL();
Expand All @@ -14,7 +14,7 @@ int main() {
// represent origins" section below.

// Blink-specific example:
// chromium-insecure-gurl
// ok: chromium-insecure-gurl
KURL url = ...;
// chromium-insecure-gurl
scoped_refptr<SecurityOrigin> origin = SecurityOrigin::Create(url);
Expand Down

0 comments on commit 39c48ca

Please sign in to comment.