Skip to content

Network taint operations miss arguments about the request #320

Closed
Closed
Network taint operations miss arguments about the request#320
Labels
enhancementNew feature or requestgood first issueGood for newcomers
@eleumasc

Description

@eleumasc
eleumasc
opened on Jul 23, 2025

The fetch.header(value), fetch.text(), fetch.json(), and WebSocket.MessageEvent.data taint operations do not have arguments about the request, but XMLHttpRequest.send and XMLHttpRequest.response do.

Expected

{
  "operation": "fetch.text()",
  "builtin": true,
  "source": true,
  "location": { ... },
  "arguments": [
    "https://example.org/a.json",
    "Content-Type: application/x-www-form-urlencoded\r\n",
    "content-length: 96\r\ncontent-type: application/json; charset=utf-8\r\n"
  ]
}

Actual

{
  "operation": "fetch.text()",
  "builtin": true,
  "source": true,
  "location": { ... },
  "arguments": []
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueGood for newcomers

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions