Taint Tracking Test Websites - Micro Benchmarks - proxy-4

Description: Test the taint engine's ability on different builtins.

Source:

Type: ManuallyAdded

Code:

J$$.wrapTaint()

Sink:

Type: XSS

Code:

document.createElement('script').src

Testing Code:

* @Name: proxy-4
 * @SourceType: ManuallyAdded
 * @SourceCode: J$$.wrapTaint()
 * @SinkType: XSS
 * @SinkCode: document.createElement('script').src
 */
(function() {
  if (typeof J$$ !== 'undefined' && J$$.wrapTaint) {
    // Check taint of a proxy could be a bit tricky
    let taintedValue = { a: 'tainted' };
    const handler = {
      get(target, prop, receiver) {
        return "HELLOWORLD";
      },
    };

    let proxy = new Proxy(taintedValue, handler);

    if (J$$.isTainted(proxy)) {
      throw new Error("Not a Tainted value!");
    }

    let scriptEle = document.createElement('script');
    scriptEle.src = `https://example.com/${J$$.wrapTaint(proxy.a)}`;
  } else {
    console.error("J$$ is not defined or does not have wrapTaint method.");
  }
})();

Next Test