
Commit 710cca5

committed
JS: Update expectations with new sources
1 parent a9383da commit 710cca5


7 files changed

+156
-332
lines changed


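--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -128,8 +128,7 @@ nodes
 | dates.js:18:59:18:63 | taint |
 | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
 | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
-| event-handler-receiver.js:2:49:2:56 | location |
-| event-handler-receiver.js:2:49:2:56 | location |
+| event-handler-receiver.js:2:49:2:61 | location.href |
 | event-handler-receiver.js:2:49:2:61 | location.href |
 | express.js:7:15:7:33 | req.param("wobble") |
 | express.js:7:15:7:33 | req.param("wobble") |
@@ -791,8 +790,8 @@ edges
 | dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` |
 | dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) |
-| event-handler-receiver.js:2:49:2:56 | location | event-handler-receiver.js:2:49:2:61 | location.href |
-| event-handler-receiver.js:2:49:2:56 | location | event-handler-receiver.js:2:49:2:61 | location.href |
+| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
+| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
 | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
 | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' |
 | express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") |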
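Review bot: Every source row that changes in these expectations (`event-handler-receiver.js:2:49:2:61 | location.href` here, and `document.location.hash` / `document.location.search` in the ClientSideUrlRedirect, Xxe and XpathInjection sections) is a property read on `location`, so none of the visible rows shows what happens to a bare `location` or `document.location` value that reaches a sink without a property read. Such a value stringifies to the full URL, so it is worth confirming that a test input covers it (for example a constructed line such as `'<a href="' + location + '">'`) and that it is still reported now that the `location` node is no longer listed as a source. The `#select` rows in the other three sections keep the same sinks and only move the source location, which looks like the intended effect. The two CodeInjection expectation diffs are not rendered on this page, so the larger result changes there cannot be checked from here.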

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected

Lines changed: 69 additions & 146 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected

Lines changed: 47 additions & 124 deletions
Large diffs are not rendered by default.

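--- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
@@ -3,26 +3,21 @@ nodes
 | electron.js:4:12:4:22 | window.name |
 | electron.js:7:20:7:29 | getTaint() |
 | electron.js:7:20:7:29 | getTaint() |
-| react.js:10:60:10:76 | document.location |
-| react.js:10:60:10:76 | document.location |
 | react.js:10:60:10:81 | documen ... on.hash |
 | react.js:10:60:10:81 | documen ... on.hash |
-| react.js:21:24:21:40 | document.location |
-| react.js:21:24:21:40 | document.location |
+| react.js:10:60:10:81 | documen ... on.hash |
+| react.js:21:24:21:45 | documen ... on.hash |
 | react.js:21:24:21:45 | documen ... on.hash |
 | react.js:21:24:21:45 | documen ... on.hash |
-| react.js:28:43:28:59 | document.location |
-| react.js:28:43:28:59 | document.location |
+| react.js:28:43:28:64 | documen ... on.hash |
 | react.js:28:43:28:64 | documen ... on.hash |
 | react.js:28:43:28:74 | documen ... bstr(1) |
 | react.js:28:43:28:74 | documen ... bstr(1) |
-| react.js:34:43:34:59 | document.location |
-| react.js:34:43:34:59 | document.location |
+| react.js:34:43:34:64 | documen ... on.hash |
 | react.js:34:43:34:64 | documen ... on.hash |
 | react.js:34:43:34:74 | documen ... bstr(1) |
 | react.js:34:43:34:74 | documen ... bstr(1) |
-| react.js:40:19:40:35 | document.location |
-| react.js:40:19:40:35 | document.location |
+| react.js:40:19:40:40 | documen ... on.hash |
 | react.js:40:19:40:40 | documen ... on.hash |
 | react.js:40:19:40:50 | documen ... bstr(1) |
 | react.js:40:19:40:50 | documen ... bstr(1) |
@@ -193,24 +188,18 @@ edges
 | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
 | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
 | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
-| react.js:10:60:10:76 | document.location | react.js:10:60:10:81 | documen ... on.hash |
-| react.js:10:60:10:76 | document.location | react.js:10:60:10:81 | documen ... on.hash |
-| react.js:10:60:10:76 | document.location | react.js:10:60:10:81 | documen ... on.hash |
-| react.js:10:60:10:76 | document.location | react.js:10:60:10:81 | documen ... on.hash |
-| react.js:21:24:21:40 | document.location | react.js:21:24:21:45 | documen ... on.hash |
-| react.js:21:24:21:40 | document.location | react.js:21:24:21:45 | documen ... on.hash |
-| react.js:21:24:21:40 | document.location | react.js:21:24:21:45 | documen ... on.hash |
-| react.js:21:24:21:40 | document.location | react.js:21:24:21:45 | documen ... on.hash |
-| react.js:28:43:28:59 | document.location | react.js:28:43:28:64 | documen ... on.hash |
-| react.js:28:43:28:59 | document.location | react.js:28:43:28:64 | documen ... on.hash |
+| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash |
+| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash |
+| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
 | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
 | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
-| react.js:34:43:34:59 | document.location | react.js:34:43:34:64 | documen ... on.hash |
-| react.js:34:43:34:59 | document.location | react.js:34:43:34:64 | documen ... on.hash |
+| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
+| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
+| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
 | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
 | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
-| react.js:40:19:40:35 | document.location | react.js:40:19:40:40 | documen ... on.hash |
-| react.js:40:19:40:35 | document.location | react.js:40:19:40:40 | documen ... on.hash |
+| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
+| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
 | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
 | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
 | sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url |
@@ -360,11 +349,11 @@ edges
 | typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
 #select
 | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection due to $@. | electron.js:4:12:4:22 | window.name | user-provided value |
-| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:76 | document.location | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection due to $@. | react.js:10:60:10:76 | document.location | user-provided value |
-| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:40 | document.location | react.js:21:24:21:45 | documen ... on.hash | Untrusted URL redirection due to $@. | react.js:21:24:21:40 | document.location | user-provided value |
-| react.js:28:43:28:74 | documen ... bstr(1) | react.js:28:43:28:59 | document.location | react.js:28:43:28:74 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:28:43:28:59 | document.location | user-provided value |
-| react.js:34:43:34:74 | documen ... bstr(1) | react.js:34:43:34:59 | document.location | react.js:34:43:34:74 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:34:43:34:59 | document.location | user-provided value |
-| react.js:40:19:40:50 | documen ... bstr(1) | react.js:40:19:40:35 | document.location | react.js:40:19:40:50 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:40:19:40:35 | document.location | user-provided value |
+| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection due to $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value |
+| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | Untrusted URL redirection due to $@. | react.js:21:24:21:45 | documen ... on.hash | user-provided value |
+| react.js:28:43:28:74 | documen ... bstr(1) | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:28:43:28:64 | documen ... on.hash | user-provided value |
+| react.js:34:43:34:74 | documen ... bstr(1) | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:34:43:34:64 | documen ... on.hash | user-provided value |
+| react.js:40:19:40:50 | documen ... bstr(1) | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | Untrusted URL redirection due to $@. | react.js:40:19:40:40 | documen ... on.hash | user-provided value |
 | sanitizer.js:4:27:4:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:4:27:4:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
 | sanitizer.js:16:27:16:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:16:27:16:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
 | sanitizer.js:19:27:19:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:19:27:19:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |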

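--- a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected
@@ -1,7 +1,6 @@
 nodes
 | domparser.js:2:7:2:36 | src |
-| domparser.js:2:13:2:29 | document.location |
-| domparser.js:2:13:2:29 | document.location |
+| domparser.js:2:13:2:36 | documen ... .search |
 | domparser.js:2:13:2:36 | documen ... .search |
 | domparser.js:11:55:11:57 | src |
 | domparser.js:11:55:11:57 | src |
@@ -33,8 +32,7 @@ edges
 | domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
 | domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
 | domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
-| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
-| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
+| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
 | domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
 | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
 | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
@@ -47,8 +45,8 @@ edges
 | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
 | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
 #select
-| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:29 | document.location | domparser.js:11:55:11:57 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
-| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:29 | document.location | domparser.js:14:57:14:59 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
+| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
+| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
 | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
 | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | user-provided value |
 | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | user-provided value |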

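--- a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected
@@ -5,8 +5,7 @@ nodes
 | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
 | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
 | XpathInjectionBad.js:9:66:9:73 | userName |
-| tst2.js:1:13:1:29 | document.location |
-| tst2.js:1:13:1:29 | document.location |
+| tst2.js:1:13:1:34 | documen ... on.hash |
 | tst2.js:1:13:1:34 | documen ... on.hash |
 | tst2.js:1:13:1:47 | documen ... ring(1) |
 | tst2.js:2:27:2:31 | query |
@@ -30,8 +29,7 @@ edges
 | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
 | XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
 | XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
-| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
-| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
+| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
 | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
 | tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
 | tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
@@ -49,8 +47,8 @@ edges
 | tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
 #select
 | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | $@ flows here and is used in an XPath expression. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | User-provided value |
-| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:29 | document.location | tst2.js:2:27:2:31 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:29 | document.location | User-provided value |
-| tst2.js:3:19:3:23 | query | tst2.js:1:13:1:29 | document.location | tst2.js:3:19:3:23 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:29 | document.location | User-provided value |
+| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:2:27:2:31 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:34 | documen ... on.hash | User-provided value |
+| tst2.js:3:19:3:23 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:3:19:3:23 | query | $@ flows here and is used in an XPath expression. | tst2.js:1:13:1:34 | documen ... on.hash | User-provided value |
 | tst.js:7:15:7:21 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:7:15:7:21 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
 | tst.js:8:16:8:22 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:8:16:8:22 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |
 | tst.js:9:17:9:23 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:9:17:9:23 | tainted | $@ flows here and is used in an XPath expression. | tst.js:6:17:6:37 | req.par ... rName") | User-provided value |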
