
Commit 930a7b6

committed
JS: Update output changes to nodes/edges/subpaths
1 parent 7a77432 commit 930a7b6


2 files changed

+72
-18
lines changed


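--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -153,6 +153,9 @@ nodes
 | express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") |
 | jquery.js:2:7:2:40 | tainted | semmle.label | tainted |
 | jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search |
+| jquery.js:4:5:4:11 | tainted | semmle.label | tainted |
+| jquery.js:5:13:5:19 | tainted | semmle.label | tainted |
+| jquery.js:6:11:6:17 | tainted | semmle.label | tainted |
 | jquery.js:7:5:7:34 | "<div i ... + "\\">" | semmle.label | "<div i ... + "\\">" |
 | jquery.js:7:20:7:26 | tainted | semmle.label | tainted |
 | jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted |
@@ -321,6 +324,9 @@ nodes
 | tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name |
 | tooltip.jsx:10:25:10:30 | source | semmle.label | source |
 | tooltip.jsx:11:25:11:30 | source | semmle.label | source |
+| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] |
+| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] |
+| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] |
 | tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() |
 | tooltip.jsx:22:11:22:30 | source | semmle.label | source |
 | tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name |
@@ -491,6 +497,7 @@ nodes
 | tst.js:355:10:355:42 | target | semmle.label | target |
 | tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search |
 | tst.js:356:16:356:21 | target | semmle.label | target |
+| tst.js:357:20:357:25 | target | semmle.label | target |
 | tst.js:360:21:360:26 | target | semmle.label | target |
 | tst.js:363:18:363:23 | target | semmle.label | target |
 | tst.js:371:7:371:39 | target | semmle.label | target |
@@ -725,13 +732,20 @@ edges
 | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | |
 | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | provenance | |
 | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | provenance | Config |
+| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted | provenance | |
+| jquery.js:2:7:2:40 | tainted | jquery.js:5:13:5:19 | tainted | provenance | |
+| jquery.js:2:7:2:40 | tainted | jquery.js:6:11:6:17 | tainted | provenance | |
 | jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | |
 | jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | |
 | jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | |
-| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | provenance | |
 | jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | |
+| jquery.js:4:5:4:11 | tainted | jquery.js:5:13:5:19 | tainted | provenance | |
+| jquery.js:5:13:5:19 | tainted | jquery.js:6:11:6:17 | tainted | provenance | |
+| jquery.js:6:11:6:17 | tainted | jquery.js:7:20:7:26 | tainted | provenance | |
 | jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" | provenance | Config |
+| jquery.js:7:20:7:26 | tainted | jquery.js:8:28:8:34 | tainted | provenance | |
 | jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | |
+| jquery.js:8:28:8:34 | tainted | jquery.js:36:25:36:31 | tainted | provenance | |
 | jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | |
 | jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" | provenance | Config |
 | jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | |
@@ -752,6 +766,7 @@ edges
 | jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config |
 | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config |
 | jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' | provenance | Config |
+| jquery.js:36:25:36:31 | tainted | jquery.js:37:31:37:37 | tainted | provenance | |
 | jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config |
 | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | |
 | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | |
@@ -863,9 +878,12 @@ edges
 | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | |
 | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | |
 | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | |
-| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | provenance | |
+| tooltip.jsx:17:11:17:33 | provide [source] | tooltip.jsx:18:51:18:57 | provide [source] | provenance | |
+| tooltip.jsx:17:21:17:33 | props.provide [source] | tooltip.jsx:17:11:17:33 | provide [source] | provenance | |
+| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:18:51:18:59 | provide() | provenance | |
+| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | provenance | |
+| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:17:21:17:33 | props.provide [source] | provenance | |
 | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | |
-| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | provenance | |
 | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | |
 | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | |
 | translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | |
@@ -964,24 +982,30 @@ edges
 | tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | |
-| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | provenance | |
-| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | provenance | |
-| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | provenance | |
-| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | |
 | tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
 | tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | |
+| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | |
+| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | |
+| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | |
+| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | |
+| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | |
+| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | |
 | tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | |
 | tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | |
 | tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | |
 | tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | |
 | tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | |
+| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | |
 | tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | |
+| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | |
 | tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | |
+| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | |
 | tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | |
+| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
 | tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | |
 | tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | |
 | tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | |
@@ -1003,9 +1027,11 @@ edges
 | tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | |
 | tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | |
 | tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | |
-| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | provenance | |
-| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | provenance | |
+| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | |
 | tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | |
+| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | |
+| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | |
+| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | |
 | tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | |
 | tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | |
@@ -1116,6 +1142,7 @@ subpaths
 | optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) |
 | optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) |
 | optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
+| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() |
 | tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | tst.js:40:16:40:44 | baz(doc ... search) |
 | tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | tst.js:46:16:46:45 | wrap(do ... search) |
 | tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) |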
