Source and Sink Listings
Thomas Barber edited this page Jul 29, 2024 · 4 revisions
Sources and sinks can now be activated dynamically in about:config or via this file:
https://github.com/SAP/project-foxhound/blob/main/modules/libpref/init/all.js
Extract the source and sink names from the source tree using these handy commands. For the sources:
grep -ir --exclude-dir=obj-* MarkTaintSource | grep -o -P '(?<=\").*(?=\")' | sort | uniq > sources.txt
Currently this list is:
MessageEvent
PushMessageData
PushSubscription.endpoint
WebSocket.MessageEvent.data
XMLHttpRequest.response
document.baseURI
document.cookie
document.documentURI
document.referrer
element.getAttribute
element.getAttributeNS
input.value
localStorage.getItem
location.hash
location.host
location.hostname
location.href
location.origin
location.pathname
location.port
location.protocol
location.search
script.innerHTML
sessionStorage.getItem
window.MessageEvent
window.name
grep -ir --exclude-dir=obj-* ReportTaintSink | grep -o -P '(?<=\").*(?=\")' | sort | uniq > sinks.txt
Currently the list is:
EventSource
Function.ctor
ReportTaintSink
WebSocket
WebSocket.send
XMLHttpRequest.open(password)
XMLHttpRequest.open(url)
XMLHttpRequest.open(username)
XMLHttpRequest.send
XMLHttpRequest.setRequestHeader(name)
XMLHttpRequest.setRequestHeader(value)
a.href
area.href
document.cookie
document.writeln
document.write
element.style
embed.src
eval
eventHandler
fetch.body
fetch.url
iframe.src
innerHTML
insertAdjacentHTML
insertAdjacentText
localStorage.setItem
localStorage.setItem(key)
location.assign
location.hash
location.host
location.href
location.pathname
location.port
location.protocol
location.replace
location.search
media.src
navigator.sendBeacon(body)
navigator.sendBeacon(url)
navigator.sendBeacon(url)n
object.data
outerHTML
script.innerHTML
script.src
script.text
sessionStorage.setItem
sessionStorage.setItem(key)
setInterval
setTimeout
track.src
window.open
window.postMessage