
Commit 16e3681

committed
JS: Update RegExpInjection test case
1 parent 0754ed2 commit 16e3681


2 files changed

+19
-19
lines changed


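--- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
@@ -25,12 +25,12 @@ nodes
 | RegExpInjection.js:31:23:31:23 | s |
 | RegExpInjection.js:33:12:33:14 | key |
 | RegExpInjection.js:34:12:34:19 | getKey() |
-| RegExpInjection.js:40:19:40:23 | input |
-| RegExpInjection.js:40:19:40:23 | input |
-| RegExpInjection.js:41:22:41:26 | input |
-| RegExpInjection.js:41:22:41:26 | input |
-| RegExpInjection.js:42:21:42:25 | input |
-| RegExpInjection.js:42:21:42:25 | input |
+| RegExpInjection.js:40:23:40:27 | input |
+| RegExpInjection.js:40:23:40:27 | input |
+| RegExpInjection.js:41:26:41:30 | input |
+| RegExpInjection.js:41:26:41:30 | input |
+| RegExpInjection.js:42:25:42:29 | input |
+| RegExpInjection.js:42:25:42:29 | input |
 | RegExpInjection.js:45:20:45:24 | input |
 | RegExpInjection.js:45:20:45:24 | input |
 | RegExpInjection.js:46:23:46:27 | input |
@@ -73,12 +73,12 @@ edges
 | RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key |
 | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
 | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
-| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input |
+| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input |
 | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
 | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
 | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input |
@@ -136,9 +136,9 @@ edges
 | RegExpInjection.js:27:14:27:21 | getKey() | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
 | RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
 | RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
-| RegExpInjection.js:40:19:40:23 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:19:40:23 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
-| RegExpInjection.js:41:22:41:26 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:22:41:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
-| RegExpInjection.js:42:21:42:25 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:21:42:25 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
+| RegExpInjection.js:40:23:40:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:23:40:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
+| RegExpInjection.js:41:26:41:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:26:41:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
+| RegExpInjection.js:42:25:42:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:25:42:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
 | RegExpInjection.js:45:20:45:24 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:45:20:45:24 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
 | RegExpInjection.js:46:23:46:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:46:23:46:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
 | RegExpInjection.js:47:22:47:26 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:47:22:47:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |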

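--- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js
+++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js
@@ -37,10 +37,10 @@ app.get('/findKey', function(req, res) {
 var likelyString = x? defString: 42;
 var notString = {};
 
-defString.match(input); // NOT OK
-likelyString.match(input); // NOT OK
-maybeString.match(input); // NOT OK
-notString.match(input); // OK
+if (defString.match(input)) {} // NOT OK
+if (likelyString.match(input)) {} // NOT OK
+if (maybeString.match(input)) {} // NOT OK
+if (notString.match(input)) {} // OK
 
 defString.search(input); // NOT OK
 likelyString.search(input); // NOT OK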
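Review bot: The `if (...) {}` wrappers added around the four `.match(input)` calls at lines 40–43 carry no comment saying why they are needed, while the `.search(input)` cases at lines 45–46 stay as bare statements and are still expected to be flagged. Presumably the query now treats `.match` as a regular-expression sink only when the call's result is used; if so, state that above line 40, for example `// match() is only modelled as a RegExp sink when its result is used, hence the if-wrappers`. It would also help to keep one bare `defString.match(input);` line with an explicit `// OK` or `// NOT OK` annotation, so the expected output pins how a result-discarding call with a user-controlled pattern is handled rather than leaving that case untested. The handler's body starts and ends outside the hunk.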
