JS: Add test to unsafe jquery plugin

asgerf · asgerf · commit f87f6c855691 · 2023-04-17T12:15:05.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected
@@ -0,0 +1 @@
+| query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:199 | did not expect an alert, but found an alert for UnsafeJQueryPlugin | OK |  |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected
@@ -127,6 +127,13 @@ nodes
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
+| unsafe-jquery-plugin.js:196:33:196:39 | options |
+| unsafe-jquery-plugin.js:196:33:196:39 | options |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} |
+| unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:202:4:202:10 | options |
 edges
 | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
 | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
@@ -256,6 +263,15 @@ edges
 | unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of |
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
+| unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:202:4:202:10 | options |
+| unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:202:4:202:10 | options |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:202:4:202:10 | options | unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:202:4:202:10 | options | unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} |
 #select
 | unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
@@ -280,3 +296,4 @@ edges
 | unsafe-jquery-plugin.js:170:6:170:11 | target | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:170:6:170:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:160:19:173:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of | unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:192:19:192:28 | options.of | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:185:18:194:2 | functio ... et);\\n\\t} | '$.fn.position' plugin |
+| unsafe-jquery-plugin.js:199:8:199:11 | this | unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:199:8:199:11 | this | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:196:23:204:2 | functio ... \\t\\t);\\n\\t} | '$.fn.blockReceiver' plugin |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
@@ -188,8 +188,18 @@
 		}
 		// extending options
 		options = $.extend( {}, options );
-	
+
 		var target = $( options.of ); // NOT OK
 		console.log(target);
 	};
+
+	$.fn.blockReceiver = function( options ) {
+		$.extend({
+				foo() {
+					$(this); // OK
+				}
+			},
+			options,
+		);
+	};
 });

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:199 \| did not expect an alert, but found an alert for UnsafeJQueryPlugin \| OK \| \|`