Skip to content

Commit 76bce40

Browse files
committed
JS: test fixups
1 parent aa87008 commit 76bce40

File tree

3 files changed

+5
-25
lines changed

3 files changed

+5
-25
lines changed

javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,9 @@
22
| tst.js:11:9:11:25 | v.match(/[^a-z]/) | ExampleConfiguration | false | tst.js:11:9:11:9 | v |
33
| tst.js:23:9:23:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:23:26:23:26 | v |
44
| tst.js:35:9:35:14 | v in o | ExampleConfiguration | true | tst.js:35:9:35:9 | v |
5-
| tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | false | tst.js:47:11:47:11 | v |
6-
| tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:9:47:12 | o[v] |
7-
| tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:17:47:25 | undefined |
5+
| tst.js:47:6:47:22 | o[v] == undefined | ExampleConfiguration | false | tst.js:47:8:47:8 | v |
6+
| tst.js:47:6:47:22 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:6:47:9 | o[v] |
7+
| tst.js:47:6:47:22 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:14:47:22 | undefined |
88
| tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | false | tst.js:53:25:53:25 | v |
99
| tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | true | tst.js:53:9:53:17 | undefined |
1010
| tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | true | tst.js:53:23:53:26 | o[v] |

javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.expected

Lines changed: 0 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -96,14 +96,6 @@ nodes
9696
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
9797
| unsafe-jquery-plugin.js:153:38:153:44 | options |
9898
| unsafe-jquery-plugin.js:153:38:153:44 | options |
99-
| unsafe-jquery-plugin.js:154:7:154:29 | target |
100-
| unsafe-jquery-plugin.js:154:16:154:22 | options |
101-
| unsafe-jquery-plugin.js:154:16:154:29 | options.target |
102-
| unsafe-jquery-plugin.js:155:33:155:38 | target |
103-
| unsafe-jquery-plugin.js:155:33:155:38 | target |
104-
| unsafe-jquery-plugin.js:156:41:156:47 | options |
105-
| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
106-
| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
10799
| unsafe-jquery-plugin.js:157:44:157:50 | options |
108100
| unsafe-jquery-plugin.js:157:44:157:57 | options.target |
109101
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
@@ -212,18 +204,8 @@ edges
212204
| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
213205
| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
214206
| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
215-
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
216-
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
217-
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
218-
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
219207
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
220208
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
221-
| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
222-
| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
223-
| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target |
224-
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:154:7:154:29 | target |
225-
| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
226-
| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
227209
| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
228210
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
229211
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
@@ -256,8 +238,6 @@ edges
256238
| unsafe-jquery-plugin.js:127:6:127:19 | options.target | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | '$.fn.my_plugin' plugin |
257239
| unsafe-jquery-plugin.js:132:5:132:18 | options.target | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:131:15:133:2 | functio ... T OK\\n\\t} | '$.fn.affix' plugin |
258240
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:135:17:137:2 | functio ... T OK\\n\\t} | '$.fn.tooltip' plugin |
259-
| unsafe-jquery-plugin.js:155:33:155:38 | target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:155:33:155:38 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
260-
| unsafe-jquery-plugin.js:156:41:156:54 | options.target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
261241
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
262242
| unsafe-jquery-plugin.js:170:6:170:11 | target | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:170:6:170:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:160:19:173:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
263243
| unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |

javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -152,8 +152,8 @@
152152

153153
$.fn.my_plugin = function my_plugin(options) {
154154
let target = options.target;
155-
target === DEFAULTS.target? $(target): $(document).find(target); // OK - but still flagged
156-
options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // OK - but still flagged
155+
target === DEFAULTS.target? $(target): $(document).find(target); // NOT OK
156+
options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // NOT OK
157157
options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - but still flagged
158158
}
159159

0 commit comments

Comments
 (0)