refactor test

tyage · tyage · commit 726cd2ca8a90 · 2022-10-04T17:11:37.000+09:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -436,15 +436,15 @@ nodes
 | json-stringify.jsx:5:18:5:36 | req.param("locale") |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") |
-| json-stringify.jsx:14:18:14:60 | `https: ... ocale}` |
-| json-stringify.jsx:14:53:14:58 | locale |
-| json-stringify.jsx:22:18:22:65 | `https: ... ocale}` |
-| json-stringify.jsx:22:58:22:63 | locale |
-| json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
-| json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
+| json-stringify.jsx:11:51:11:56 | locale |
+| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
+| json-stringify.jsx:19:56:19:61 | locale |
+| json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
 | jwt-server.js:7:9:7:35 | taint |
 | jwt-server.js:7:9:7:35 | taint |
 | jwt-server.js:7:17:7:35 | req.param("wobble") |
@@ -1573,22 +1573,22 @@ edges
 | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') |
 | jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ...  '</b>' |
 | jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ...  '</b>' |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:14:53:14:58 | locale |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:22:58:22:63 | locale |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:30:40:30:45 | locale |
-| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:30:40:30:45 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:40:31:45 | locale |
+| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:40:31:45 | locale |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
 | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale |
-| json-stringify.jsx:14:18:14:60 | `https: ... ocale}` | json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
-| json-stringify.jsx:14:18:14:60 | `https: ... ocale}` | json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
-| json-stringify.jsx:14:53:14:58 | locale | json-stringify.jsx:14:18:14:60 | `https: ... ocale}` |
-| json-stringify.jsx:22:18:22:65 | `https: ... ocale}` | json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
-| json-stringify.jsx:22:18:22:65 | `https: ... ocale}` | json-stringify.jsx:34:40:34:61 | JSON.st ... jsonLD) |
-| json-stringify.jsx:22:58:22:63 | locale | json-stringify.jsx:22:18:22:65 | `https: ... ocale}` |
+| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` |
+| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) |
+| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` |
 | jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
 | jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint |
 | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/json-stringify.jsx
@@ -3,27 +3,28 @@ var app = express();
 
 app.get("/some/path", function (req, res) {
   const locale = req.param("locale");
+  const breadcrumbList = [
+    {
+      "@type": "ListItem",
+      position: 1,
+      item: {
+        "@id": `https://example.com/some?locale=${locale}`,
+        name: "Some",
+      },
+    },
+    {
+      "@type": "ListItem",
+      position: 2,
+      item: {
+        "@id": `https://example.com/some/path?locale=${locale}`,
+        name: "Path",
+      },
+    },
+  ];
   const jsonLD = {
     "@context": "https://schema.org",
     "@type": "BreadcrumbList",
-    itemListElement: [
-      {
-        "@type": "ListItem",
-        position: 1,
-        item: {
-          "@id": `https://example.com/some?locale=${locale}`,
-          name: "Some",
-        },
-      },
-      {
-        "@type": "ListItem",
-        position: 2,
-        item: {
-          "@id": `https://example.com/some/path?locale=${locale}`,
-          name: "Real Dresses",
-        },
-      },
-    ],
+    itemListElement: breadcrumbList,
   };
   <script
     type="application/ld+json"
