Adding xXSSvalidation function

SAP · Dec 10, 2024 · 0002266 · 0002266
1 parent b914a05
commit 0002266
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 1 deletion.
diff --git a/js/src/builtin/String.cpp b/js/src/builtin/String.cpp
@@ -123,6 +123,8 @@ static bool str_encodeURI(JSContext* cx, unsigned argc, Value* vp);
 
 static bool str_encodeURI_Component(JSContext* cx, unsigned argc, Value* vp);
 
+static bool str_foxhound(JSContext* cx, unsigned argc, Value* vp);
+
 /*
  * Global string methods
  */
@@ -723,7 +725,7 @@ static const JSFunctionSpec string_functions[] = {
     JS_FN("encodeURI", str_encodeURI, 1, JSPROP_RESOLVING),
     JS_FN("decodeURIComponent", str_decodeURI_Component, 1, JSPROP_RESOLVING),
     JS_FN("encodeURIComponent", str_encodeURI_Component, 1, JSPROP_RESOLVING),
-
+    JS_FN("foxhound", str_foxhound, 1, JSPROP_RESOLVING),
     JS_FS_END,
 };
 
@@ -5325,6 +5327,21 @@ JSString* js::EncodeURI(JSContext* cx, const char* chars, size_t length) {
   return sb.finishString();
 }
 
+static bool str_foxhound(JSContext* cx, unsigned argc, Value* vp) {
+  AutoJSMethodProfilerEntry pseudoFrame(cx, "foxhound");
+  CallArgs args = CallArgsFromVp(argc, vp);
+  // This will also do conversions from numbers to strings
+  Rooted<JSLinearString*> str(cx, ArgToLinearString(cx, args, 0));
+  if (!str) {
+    return false;
+  }
+
+  MaybeSpewMessage(cx, str);
+
+  args.rval().setUndefined();
+  return true;
+}
+
 static bool FlatStringMatchHelper(JSContext* cx, HandleString str,
                                   HandleString pattern, bool* isFlat,
                                   int32_t* match) {

diff --git a/js/src/jstaint.cpp b/js/src/jstaint.cpp
@@ -427,6 +427,28 @@ void JS::MaybeSpewStringTaint(JSContext* cx, JSString* str) {
 #endif
 }
 
+void JS::MaybeSpewMessage(JSContext* cx, JSString* str) {
+  // First print message to stderr
+  SEprinter p;
+  p.put("!!! foxhound() called with message: ");
+  p.putString(cx, str);
+  p.put("\n");
+  p.flush();
+
+#ifdef JS_STRUCTURED_SPEW
+  // Spew to file if enabled
+  AutoStructuredSpewer spew(cx, SpewChannel::TaintFlowSpewer, cx->currentScript());
+  if (spew) {
+    JSLinearString* linear = str->ensureLinear(cx);
+    if (linear) {
+      spew->property("foxhound", linear);
+    } else {
+      spew->property("foxhound", "Non-linear String!");
+    }
+  }
+#endif
+}
+
 // Print a message to stdout.
 void JS::TaintFoxReport(JSContext* cx, const char* msg)
 {

diff --git a/js/src/jstaint.h b/js/src/jstaint.h
@@ -87,6 +87,8 @@ void MarkTaintedFunctionArguments(JSContext* cx, JSFunction* function, const JS:
 
 // Write the taint report to file
 void MaybeSpewStringTaint(JSContext* cx, JSString* str);
+// Write a message to the file
+void MaybeSpewMessage(JSContext* cx, JSString* str);
 
 // Print a message to stdout.
 void TaintFoxReport(JSContext* cx, const char* msg);