
Commit 945db4d

committed
JS: Fix test output
1 parent 707b0f3 commit 945db4d


2 files changed

+75
-40
lines changed


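--- a/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
@@ -84,24 +84,24 @@ nodes
 | react-native.js:8:18:8:24 | tainted |
 | react-native.js:9:27:9:33 | tainted |
 | react-native.js:9:27:9:33 | tainted |
-| sanitiser.js:20:7:20:27 | tainted |
-| sanitiser.js:20:17:20:27 | window.name |
-| sanitiser.js:20:17:20:27 | window.name |
-| sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' |
-| sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' |
-| sanitiser.js:27:29:27:35 | tainted |
-| sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' |
-| sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' |
-| sanitiser.js:34:29:34:35 | tainted |
-| sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' |
-| sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' |
-| sanitiser.js:37:29:37:35 | tainted |
-| sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' |
-| sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' |
-| sanitiser.js:42:29:42:35 | tainted |
-| sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' |
-| sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' |
-| sanitiser.js:49:29:49:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:16:17:16:27 | window.name |
+| sanitiser.js:16:17:16:27 | window.name |
+| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:29:23:35 | tainted |
+| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted |
+| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted |
+| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted |
+| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted |
 | stored-xss.js:2:39:2:55 | document.location |
 | stored-xss.js:2:39:2:55 | document.location |
 | stored-xss.js:2:39:2:62 | documen ... .search |
@@ -532,23 +532,23 @@ edges
 | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
-| sanitiser.js:20:7:20:27 | tainted | sanitiser.js:27:29:27:35 | tainted |
-| sanitiser.js:20:7:20:27 | tainted | sanitiser.js:34:29:34:35 | tainted |
-| sanitiser.js:20:7:20:27 | tainted | sanitiser.js:37:29:37:35 | tainted |
-| sanitiser.js:20:7:20:27 | tainted | sanitiser.js:42:29:42:35 | tainted |
-| sanitiser.js:20:7:20:27 | tainted | sanitiser.js:49:29:49:35 | tainted |
-| sanitiser.js:20:17:20:27 | window.name | sanitiser.js:20:7:20:27 | tainted |
-| sanitiser.js:20:17:20:27 | window.name | sanitiser.js:20:7:20:27 | tainted |
-| sanitiser.js:27:29:27:35 | tainted | sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' |
-| sanitiser.js:27:29:27:35 | tainted | sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' |
-| sanitiser.js:34:29:34:35 | tainted | sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' |
-| sanitiser.js:34:29:34:35 | tainted | sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' |
-| sanitiser.js:37:29:37:35 | tainted | sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' |
-| sanitiser.js:37:29:37:35 | tainted | sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' |
-| sanitiser.js:42:29:42:35 | tainted | sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' |
-| sanitiser.js:42:29:42:35 | tainted | sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' |
-| sanitiser.js:49:29:49:35 | tainted | sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' |
-| sanitiser.js:49:29:49:35 | tainted | sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted |
+| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
 | stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
 | stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
 | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
@@ -869,11 +869,11 @@ edges
 | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | optionalSanitizer.js:26:16:26:32 | document.location | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | Cross-site scripting vulnerability due to $@. | optionalSanitizer.js:26:16:26:32 | document.location | user-provided value |
 | react-native.js:8:18:8:24 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:18:8:24 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
 | react-native.js:9:27:9:33 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:27:9:33 | tainted | Cross-site scripting vulnerability due to $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
-| sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' | sanitiser.js:20:17:20:27 | window.name | sanitiser.js:27:21:27:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:20:17:20:27 | window.name | user-provided value |
-| sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' | sanitiser.js:20:17:20:27 | window.name | sanitiser.js:34:21:34:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:20:17:20:27 | window.name | user-provided value |
-| sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' | sanitiser.js:20:17:20:27 | window.name | sanitiser.js:37:21:37:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:20:17:20:27 | window.name | user-provided value |
-| sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' | sanitiser.js:20:17:20:27 | window.name | sanitiser.js:42:21:42:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:20:17:20:27 | window.name | user-provided value |
-| sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' | sanitiser.js:20:17:20:27 | window.name | sanitiser.js:49:21:49:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:20:17:20:27 | window.name | user-provided value |
+| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value |
+| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value |
+| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value |
+| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value |
+| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value |
 | stored-xss.js:5:20:5:52 | session ... ssion') | stored-xss.js:2:39:2:55 | document.location | stored-xss.js:5:20:5:52 | session ... ssion') | Cross-site scripting vulnerability due to $@. | stored-xss.js:2:39:2:55 | document.location | user-provided value |
 | stored-xss.js:8:20:8:48 | localSt ... local') | stored-xss.js:3:35:3:51 | document.location | stored-xss.js:8:20:8:48 | localSt ... local') | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:51 | document.location | user-provided value |
 | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | stored-xss.js:3:35:3:51 | document.location | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | Cross-site scripting vulnerability due to $@. | stored-xss.js:3:35:3:51 | document.location | user-provided value |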

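--- a/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected
@@ -84,6 +84,24 @@ nodes
 | react-native.js:8:18:8:24 | tainted |
 | react-native.js:9:27:9:33 | tainted |
 | react-native.js:9:27:9:33 | tainted |
+| sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:16:17:16:27 | window.name |
+| sanitiser.js:16:17:16:27 | window.name |
+| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:29:23:35 | tainted |
+| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted |
+| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted |
+| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted |
+| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted |
 | stored-xss.js:2:39:2:55 | document.location |
 | stored-xss.js:2:39:2:55 | document.location |
 | stored-xss.js:2:39:2:62 | documen ... .search |
@@ -518,6 +536,23 @@ edges
 | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted |
+| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted |
+| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted |
+| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
+| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
 | stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
 | stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
 | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |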
