Skip to content

Commit 71a3d49

Browse files
erik-krogherik-krogh
committed
update comments to match alert location for CWE-807
1 parent d814e73 commit 71a3d49

File tree

3 files changed

+123
-136
lines changed

3 files changed

+123
-136
lines changed

javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected

Lines changed: 107 additions & 107 deletions
Original file line numberDiff line numberDiff line change
@@ -2,113 +2,113 @@ nodes
22
| tst.js:9:8:9:26 | req.params.shutDown |
33
| tst.js:9:8:9:26 | req.params.shutDown |
44
| tst.js:9:8:9:26 | req.params.shutDown |
5-
| tst.js:14:9:14:19 | req.cookies |
6-
| tst.js:14:9:14:19 | req.cookies |
7-
| tst.js:14:9:14:30 | req.coo ... inThing |
8-
| tst.js:14:9:14:30 | req.coo ... inThing |
9-
| tst.js:30:9:30:37 | v3 |
10-
| tst.js:30:14:30:37 | id(req. ... okieId) |
11-
| tst.js:30:17:30:27 | req.cookies |
12-
| tst.js:30:17:30:27 | req.cookies |
13-
| tst.js:30:17:30:36 | req.cookies.cookieId |
14-
| tst.js:31:9:31:10 | v3 |
15-
| tst.js:31:9:31:10 | v3 |
16-
| tst.js:37:13:37:23 | req.cookies |
17-
| tst.js:37:13:37:23 | req.cookies |
18-
| tst.js:37:13:37:32 | req.cookies.cookieId |
19-
| tst.js:37:13:37:32 | req.cookies.cookieId |
20-
| tst.js:43:9:43:19 | req.cookies |
21-
| tst.js:43:9:43:19 | req.cookies |
22-
| tst.js:43:9:43:28 | req.cookies.cookieId |
23-
| tst.js:43:9:43:28 | req.cookies.cookieId |
24-
| tst.js:50:8:50:23 | req.params.login |
25-
| tst.js:50:8:50:23 | req.params.login |
26-
| tst.js:50:8:50:23 | req.params.login |
27-
| tst.js:65:8:65:23 | req.params.login |
28-
| tst.js:65:8:65:23 | req.params.login |
29-
| tst.js:65:8:65:23 | req.params.login |
30-
| tst.js:70:9:70:19 | req.cookies |
31-
| tst.js:70:9:70:19 | req.cookies |
32-
| tst.js:70:9:70:28 | req.cookies.cookieId |
33-
| tst.js:70:9:70:28 | req.cookies.cookieId |
34-
| tst.js:70:34:70:53 | req.params.requestId |
35-
| tst.js:70:34:70:53 | req.params.requestId |
36-
| tst.js:70:34:70:53 | req.params.requestId |
37-
| tst.js:75:14:75:24 | req.cookies |
38-
| tst.js:75:14:75:24 | req.cookies |
39-
| tst.js:75:14:75:33 | req.cookies.cookieId |
40-
| tst.js:75:14:75:33 | req.cookies.cookieId |
41-
| tst.js:75:39:75:58 | req.params.requestId |
42-
| tst.js:75:39:75:58 | req.params.requestId |
43-
| tst.js:75:39:75:58 | req.params.requestId |
44-
| tst.js:90:9:90:19 | req.cookies |
45-
| tst.js:90:9:90:19 | req.cookies |
46-
| tst.js:90:9:90:28 | req.cookies.cookieId |
47-
| tst.js:90:9:90:28 | req.cookies.cookieId |
48-
| tst.js:90:9:90:41 | req.coo ... secret" |
49-
| tst.js:90:9:90:41 | req.coo ... secret" |
50-
| tst.js:104:10:104:17 | req.body |
51-
| tst.js:104:10:104:17 | req.body |
52-
| tst.js:104:10:104:17 | req.body |
53-
| tst.js:111:13:111:32 | req.query.vulnerable |
54-
| tst.js:111:13:111:32 | req.query.vulnerable |
55-
| tst.js:111:13:111:32 | req.query.vulnerable |
56-
| tst.js:118:13:118:32 | req.query.vulnerable |
57-
| tst.js:118:13:118:32 | req.query.vulnerable |
58-
| tst.js:118:13:118:32 | req.query.vulnerable |
59-
| tst.js:126:13:126:32 | req.query.vulnerable |
60-
| tst.js:126:13:126:32 | req.query.vulnerable |
61-
| tst.js:126:13:126:32 | req.query.vulnerable |
5+
| tst.js:13:9:13:19 | req.cookies |
6+
| tst.js:13:9:13:19 | req.cookies |
7+
| tst.js:13:9:13:30 | req.coo ... inThing |
8+
| tst.js:13:9:13:30 | req.coo ... inThing |
9+
| tst.js:27:9:27:37 | v3 |
10+
| tst.js:27:14:27:37 | id(req. ... okieId) |
11+
| tst.js:27:17:27:27 | req.cookies |
12+
| tst.js:27:17:27:27 | req.cookies |
13+
| tst.js:27:17:27:36 | req.cookies.cookieId |
14+
| tst.js:28:9:28:10 | v3 |
15+
| tst.js:28:9:28:10 | v3 |
16+
| tst.js:33:13:33:23 | req.cookies |
17+
| tst.js:33:13:33:23 | req.cookies |
18+
| tst.js:33:13:33:32 | req.cookies.cookieId |
19+
| tst.js:33:13:33:32 | req.cookies.cookieId |
20+
| tst.js:38:9:38:19 | req.cookies |
21+
| tst.js:38:9:38:19 | req.cookies |
22+
| tst.js:38:9:38:28 | req.cookies.cookieId |
23+
| tst.js:38:9:38:28 | req.cookies.cookieId |
24+
| tst.js:44:8:44:23 | req.params.login |
25+
| tst.js:44:8:44:23 | req.params.login |
26+
| tst.js:44:8:44:23 | req.params.login |
27+
| tst.js:57:8:57:23 | req.params.login |
28+
| tst.js:57:8:57:23 | req.params.login |
29+
| tst.js:57:8:57:23 | req.params.login |
30+
| tst.js:61:9:61:19 | req.cookies |
31+
| tst.js:61:9:61:19 | req.cookies |
32+
| tst.js:61:9:61:28 | req.cookies.cookieId |
33+
| tst.js:61:9:61:28 | req.cookies.cookieId |
34+
| tst.js:61:34:61:53 | req.params.requestId |
35+
| tst.js:61:34:61:53 | req.params.requestId |
36+
| tst.js:61:34:61:53 | req.params.requestId |
37+
| tst.js:65:14:65:24 | req.cookies |
38+
| tst.js:65:14:65:24 | req.cookies |
39+
| tst.js:65:14:65:33 | req.cookies.cookieId |
40+
| tst.js:65:14:65:33 | req.cookies.cookieId |
41+
| tst.js:65:39:65:58 | req.params.requestId |
42+
| tst.js:65:39:65:58 | req.params.requestId |
43+
| tst.js:65:39:65:58 | req.params.requestId |
44+
| tst.js:78:9:78:19 | req.cookies |
45+
| tst.js:78:9:78:19 | req.cookies |
46+
| tst.js:78:9:78:28 | req.cookies.cookieId |
47+
| tst.js:78:9:78:28 | req.cookies.cookieId |
48+
| tst.js:78:9:78:41 | req.coo ... secret" |
49+
| tst.js:78:9:78:41 | req.coo ... secret" |
50+
| tst.js:91:10:91:17 | req.body |
51+
| tst.js:91:10:91:17 | req.body |
52+
| tst.js:91:10:91:17 | req.body |
53+
| tst.js:98:13:98:32 | req.query.vulnerable |
54+
| tst.js:98:13:98:32 | req.query.vulnerable |
55+
| tst.js:98:13:98:32 | req.query.vulnerable |
56+
| tst.js:105:13:105:32 | req.query.vulnerable |
57+
| tst.js:105:13:105:32 | req.query.vulnerable |
58+
| tst.js:105:13:105:32 | req.query.vulnerable |
59+
| tst.js:113:13:113:32 | req.query.vulnerable |
60+
| tst.js:113:13:113:32 | req.query.vulnerable |
61+
| tst.js:113:13:113:32 | req.query.vulnerable |
6262
edges
6363
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown |
64-
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
65-
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
66-
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
67-
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
68-
| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
69-
| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
70-
| tst.js:30:14:30:37 | id(req. ... okieId) | tst.js:30:9:30:37 | v3 |
71-
| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
72-
| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
73-
| tst.js:30:17:30:36 | req.cookies.cookieId | tst.js:30:14:30:37 | id(req. ... okieId) |
74-
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
75-
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
76-
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
77-
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
78-
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
79-
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
80-
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
81-
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
82-
| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login |
83-
| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login |
84-
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
85-
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
86-
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
87-
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
88-
| tst.js:70:34:70:53 | req.params.requestId | tst.js:70:34:70:53 | req.params.requestId |
89-
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
90-
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
91-
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
92-
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
93-
| tst.js:75:39:75:58 | req.params.requestId | tst.js:75:39:75:58 | req.params.requestId |
94-
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
95-
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
96-
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
97-
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
98-
| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
99-
| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
100-
| tst.js:104:10:104:17 | req.body | tst.js:104:10:104:17 | req.body |
101-
| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable |
102-
| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable |
103-
| tst.js:126:13:126:32 | req.query.vulnerable | tst.js:126:13:126:32 | req.query.vulnerable |
64+
| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
65+
| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
66+
| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
67+
| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
68+
| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 |
69+
| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 |
70+
| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 |
71+
| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId |
72+
| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId |
73+
| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) |
74+
| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
75+
| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
76+
| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
77+
| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
78+
| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
79+
| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
80+
| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
81+
| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
82+
| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login |
83+
| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login |
84+
| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
85+
| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
86+
| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
87+
| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
88+
| tst.js:61:34:61:53 | req.params.requestId | tst.js:61:34:61:53 | req.params.requestId |
89+
| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
90+
| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
91+
| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
92+
| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
93+
| tst.js:65:39:65:58 | req.params.requestId | tst.js:65:39:65:58 | req.params.requestId |
94+
| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
95+
| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
96+
| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
97+
| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
98+
| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" |
99+
| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" |
100+
| tst.js:91:10:91:17 | req.body | tst.js:91:10:91:17 | req.body |
101+
| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable |
102+
| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable |
103+
| tst.js:113:13:113:32 | req.query.vulnerable | tst.js:113:13:113:32 | req.query.vulnerable |
104104
#select
105-
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but $@ controls it. | tst.js:11:9:11:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | a user-provided value |
106-
| tst.js:14:9:14:30 | req.coo ... inThing | tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing | This condition guards a sensitive $@, but $@ controls it. | tst.js:16:9:16:17 | o.login() | action | tst.js:14:9:14:19 | req.cookies | a user-provided value |
107-
| tst.js:31:9:31:10 | v3 | tst.js:30:17:30:27 | req.cookies | tst.js:31:9:31:10 | v3 | This condition guards a sensitive $@, but $@ controls it. | tst.js:33:9:33:22 | process.exit() | action | tst.js:30:17:30:27 | req.cookies | a user-provided value |
108-
| tst.js:37:13:37:32 | req.cookies.cookieId | tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:39:13:39:26 | process.exit() | action | tst.js:37:13:37:23 | req.cookies | a user-provided value |
109-
| tst.js:43:9:43:28 | req.cookies.cookieId | tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:46:13:46:26 | process.exit() | action | tst.js:43:9:43:19 | req.cookies | a user-provided value |
110-
| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:54:9:54:15 | login() | action | tst.js:50:8:50:23 | req.params.login | a user-provided value |
111-
| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:67:9:67:15 | login() | action | tst.js:65:8:65:23 | req.params.login | a user-provided value |
112-
| tst.js:90:9:90:41 | req.coo ... secret" | tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:41 | req.coo ... secret" | This condition guards a sensitive $@, but $@ controls it. | tst.js:92:9:92:22 | process.exit() | action | tst.js:90:9:90:19 | req.cookies | a user-provided value |
113-
| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:114:9:114:16 | verify() | action | tst.js:111:13:111:32 | req.query.vulnerable | a user-provided value |
114-
| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:121:13:121:20 | verify() | action | tst.js:118:13:118:32 | req.query.vulnerable | a user-provided value |
105+
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but $@ controls it. | tst.js:10:9:10:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | a user-provided value |
106+
| tst.js:13:9:13:30 | req.coo ... inThing | tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | This condition guards a sensitive $@, but $@ controls it. | tst.js:14:9:14:17 | o.login() | action | tst.js:13:9:13:19 | req.cookies | a user-provided value |
107+
| tst.js:28:9:28:10 | v3 | tst.js:27:17:27:27 | req.cookies | tst.js:28:9:28:10 | v3 | This condition guards a sensitive $@, but $@ controls it. | tst.js:29:9:29:22 | process.exit() | action | tst.js:27:17:27:27 | req.cookies | a user-provided value |
108+
| tst.js:33:13:33:32 | req.cookies.cookieId | tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:34:13:34:26 | process.exit() | action | tst.js:33:13:33:23 | req.cookies | a user-provided value |
109+
| tst.js:38:9:38:28 | req.cookies.cookieId | tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:40:13:40:26 | process.exit() | action | tst.js:38:9:38:19 | req.cookies | a user-provided value |
110+
| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:47:9:47:15 | login() | action | tst.js:44:8:44:23 | req.params.login | a user-provided value |
111+
| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:58:9:58:15 | login() | action | tst.js:57:8:57:23 | req.params.login | a user-provided value |
112+
| tst.js:78:9:78:41 | req.coo ... secret" | tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:41 | req.coo ... secret" | This condition guards a sensitive $@, but $@ controls it. | tst.js:79:9:79:22 | process.exit() | action | tst.js:78:9:78:19 | req.cookies | a user-provided value |
113+
| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:101:9:101:16 | verify() | action | tst.js:98:13:98:32 | req.query.vulnerable | a user-provided value |
114+
| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:108:13:108:20 | verify() | action | tst.js:105:13:105:32 | req.query.vulnerable | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-807/DifferentKindsComparisonBypass.expected

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
| tst-different-kinds-comparison-bypass.js:7:5:7:42 | req.que ... .userId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:7:5:7:20 | req.query.userId | req.query.userId | tst-different-kinds-comparison-bypass.js:7:25:7:35 | req.cookies | req.cookies |
22
| tst-different-kinds-comparison-bypass.js:11:5:11:23 | req.url == req.body | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:11:5:11:11 | req.url | req.url | tst-different-kinds-comparison-bypass.js:11:16:11:23 | req.body | req.body |
33
| tst-different-kinds-comparison-bypass.js:16:9:16:14 | a == b | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:13:11:13:26 | req.query.userId | req.query.userId | tst-different-kinds-comparison-bypass.js:13:29:13:39 | req.cookies | req.cookies |
4-
| tst.js:70:9:70:53 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:70:9:70:19 | req.cookies | req.cookies | tst.js:70:34:70:53 | req.params.requestId | req.params.requestId |
5-
| tst.js:75:14:75:58 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:75:14:75:24 | req.cookies | req.cookies | tst.js:75:39:75:58 | req.params.requestId | req.params.requestId |
6-
| tst.js:82:16:82:22 | p === q | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:84:18:84:28 | req.cookies | req.cookies | tst.js:84:40:84:59 | req.params.requestId | req.params.requestId |
4+
| tst.js:61:9:61:53 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:61:9:61:19 | req.cookies | req.cookies | tst.js:61:34:61:53 | req.params.requestId | req.params.requestId |
5+
| tst.js:65:14:65:58 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:65:14:65:24 | req.cookies | req.cookies | tst.js:65:39:65:58 | req.params.requestId | req.params.requestId |
6+
| tst.js:71:16:71:22 | p === q | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:73:18:73:28 | req.cookies | req.cookies | tst.js:73:40:73:59 | req.params.requestId | req.params.requestId |

0 commit comments

Comments
 (0)