Code analysis warning while parsing boolean query param (REST)

Question

export function isLegacyResource(): boolean {
    const queryParams = new URLSearchParams(window.location.search);
    return isQspValueTruthy(queryParams.get('isLegacy'));
}
export function isQspValueTruthy(value: string | null): boolean {
    if (value === null) {
        return false;
    }
    return value === '1' || value.toLowerCase() === 'true';
}
const isLegacy = isLegacyResource();

Semmle raises this warning [SM01513] User-controlled bypass of security check.

This says that I might be comparing the user-input using user controlled data. I feel the query param reading using window.location.search is checked for truthy-ness and this is not contradicting to any security flaw.

Can someone please point out the issue and how I can mitigate this?

score 1 · Answer 1 · answered Dec 05 '22 at 10:09

Semmle suspects, that this issue is related to some client-side control responsible for security validation. Having security validation on the client side would be a serious issue if present, but I don't think this is true in your case, as this logic does not smell to be security relevant at all. Static analysis tools do generate a bit of noise and semmle is no exception. Usual workaround is to find find out how to suppress semmle reporting this piece of code via some code annotations to prevent this false positive in the future.

Code analysis warning while parsing boolean query param (REST)

1 Answers1