Description
Query
Link to pull request with your CodeQL query:
Relevant PR: github/codeql#6498
CVE ID(s)
- CVE-2021-37700
- https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/#clipboard-dom-based-xss (CVE still needs to be assigned)
Report
The JavaScript Clipboard API is a source of user input not currently covered by CodeQL's official XSS queries. The proposed query is an answer to this gap and has already been used to find vulnerabilities in relevant projects as listed above.
- Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Result(s)
Limitations
Although the process of creating this query led me to find CVE-2021-37700, the current query does not cover its case. For some reason, although the reference to event.clipboardData is found at https://github.com/github/paste-markdown/blob/v0.3.3/src/paste-markdown-table.ts#L40 by the clipboardDataTransferSource predicate, its use in https://github.com/github/paste-markdown/blob/v0.3.3/src/paste-markdown-table.ts#L91 is not detected by the clipboardDataSource predicate. Any help with this would be appreciated.
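The source-to-sink flow described in the report, shown as an added example that is not taken from the submitted query, paste-markdown, or GitLab: clipboard data read in a paste handler reaches markup unescaped, next to a hardened form. All function names and the sample clipboard content are constructed for illustration.

```javascript
// Added example: every function name here is hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Make a string inert for an HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flow a clipboard XSS query should flag: clipboard data (source)
// reaches markup (sink) unchanged.
function buildPreviewUnsafe(clipboardData) {
  const pasted = clipboardData.getData('text/html');
  return '<div class="preview">' + pasted + '</div>'; // later assigned to innerHTML
}

// Hardened form: read text/plain and escape it, since plain text can also carry markup.
function buildPreviewSafe(clipboardData) {
  const pasted = clipboardData.getData('text/plain');
  return '<div class="preview">' + escapeHtml(pasted) + '</div>';
}

// Browser wiring for the hardened path; textContent never parses HTML.
function attachSafePaste(element) {
  element.addEventListener('paste', (event) => {
    event.preventDefault();
    element.textContent = event.clipboardData.getData('text/plain');
  });
}

// Constructed stand-in for the DataTransfer object carried by a paste event.
function fakeClipboard(entries) {
  return { getData: (type) => entries[type] || '' };
}

// Constructed sample: markup with an event-handler attribute, in both flavours.
const SAMPLE_MARKUP = '<img src="x" onerror="console.log(\'handler ran\')">';
const sample = fakeClipboard({ 'text/html': SAMPLE_MARKUP, 'text/plain': SAMPLE_MARKUP });

console.log(buildPreviewUnsafe(sample)); // markup survives intact
console.log(buildPreviewSafe(sample));   // markup is rendered as text
```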