
Commit 1ca57cf

JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results
1 parent c71778f commit 1ca57cf

2 files changed

+35
-1
lines changed

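--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -139,6 +139,18 @@ nodes
 | passwords.js:176:17:176:26 | myPasscode |
 | passwords.js:176:17:176:26 | myPasscode |
 | passwords.js:176:17:176:26 | myPasscode |
+| passwords.js:181:14:181:21 | password |
+| passwords.js:181:14:181:21 | password |
+| passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:182:14:182:21 | password |
+| passwords.js:182:14:182:21 | password |
+| passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:183:14:183:21 | password |
+| passwords.js:183:14:183:21 | password |
+| passwords.js:183:14:183:67 | passwor ... ), "*") |
+| passwords.js:183:14:183:67 | passwor ... ), "*") |
 | passwords_in_browser1.js:2:13:2:20 | password |
 | passwords_in_browser1.js:2:13:2:20 | password |
 | passwords_in_browser1.js:2:13:2:20 | password |
@@ -285,6 +297,18 @@ edges
 | passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") |
 | passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword |
 | passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode |
+| passwords.js:181:14:181:21 | password | passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:181:14:181:21 | password | passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:181:14:181:21 | password | passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:181:14:181:21 | password | passwords.js:181:14:181:56 | passwor ... ), "*") |
+| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
+| passwords.js:183:14:183:21 | password | passwords.js:183:14:183:67 | passwor ... ), "*") |
+| passwords.js:183:14:183:21 | password | passwords.js:183:14:183:67 | passwor ... ), "*") |
+| passwords.js:183:14:183:21 | password | passwords.js:183:14:183:67 | passwor ... ), "*") |
+| passwords.js:183:14:183:21 | password | passwords.js:183:14:183:67 | passwor ... ), "*") |
 | passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password |
 | passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password |
 | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password |
@@ -332,6 +356,9 @@ edges
 | passwords.js:170:11:170:39 | passwor ... g, "*") | passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:170:11:170:18 | password | an access to password |
 | passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword | This logs sensitive data returned by $@ as clear text. | passwords.js:173:17:173:26 | myPassword | an access to myPassword |
 | passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode | This logs sensitive data returned by $@ as clear text. | passwords.js:176:17:176:26 | myPasscode | an access to myPasscode |
+| passwords.js:181:14:181:56 | passwor ... ), "*") | passwords.js:181:14:181:21 | password | passwords.js:181:14:181:56 | passwor ... ), "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:181:14:181:21 | password | an access to password |
+| passwords.js:182:14:182:51 | passwor ... ), "*") | passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:182:14:182:21 | password | an access to password |
+| passwords.js:183:14:183:67 | passwor ... ), "*") | passwords.js:183:14:183:21 | password | passwords.js:183:14:183:67 | passwor ... ), "*") | This logs sensitive data returned by $@ as clear text. | passwords.js:183:14:183:21 | password | an access to password |
 | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_1.js:6:13:6:20 | password | an access to password |
 | passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_2.js:3:13:3:20 | password | an access to password |
 | passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | This logs sensitive data returned by $@ as clear text. | passwords_in_server_3.js:2:13:2:20 | password | an access to password |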

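--- a/javascript/ql/test/query-tests/Security/CWE-312/passwords.js
+++ b/javascript/ql/test/query-tests/Security/CWE-312/passwords.js
@@ -174,4 +174,11 @@ const debug = require('debug')('test');
 
 const myPasscode = foo();
 console.log(myPasscode); // NOT OK
-});
+});
+
+(function () {
+console.log(password.replace(/./g, "*")); // OK
+console.log(password.replace(new RegExp(".", "g"), "*")); // OK -- Currently flagged, though it shouldn't be
+console.log(password.replace(new RegExp("."), "*")); // NOT OK
+console.log(password.replace(new RegExp(".", unknownFlags()), "*")); // OK -- Currently flagged, though maybe it should not be.
+})();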
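Review bot: The `unknownFlags()` case on new line 183 is annotated `// OK`, but if the flags string does not contain `g`, `replace` masks only the first character and the rest of the password is logged in clear, exactly like the `new RegExp(".")` case on line 182. For a cleartext-logging query the conservative expectation is to keep the alert, so I would annotate it as `// NOT OK -- flags unknown, so a global replace cannot be assumed` rather than recording it as a possible false positive. It would also help to add the call form without `new`, `password.replace(RegExp(".", "g"), "*")`, since it builds the same global regex and should end up with the same verdict as line 181. `password` is not declared inside the new IIFE; presumably it resolves elsewhere in the file, outside this hunk.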
