Skip to content

Commit f8dc7eb

Browse files
asgerfasgerf
committed
JS: Update output from tests that changed on main
1 parent 4a6030c commit f8dc7eb

File tree

9 files changed

+128
-6
lines changed

9 files changed

+128
-6
lines changed

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -134,6 +134,22 @@ nodes
134134
| TaintedPath.js:196:31:196:34 | path | semmle.label | path |
135135
| TaintedPath.js:197:45:197:48 | path | semmle.label | path |
136136
| TaintedPath.js:198:35:198:38 | path | semmle.label | path |
137+
| TaintedPath.js:202:7:202:48 | path | semmle.label | path |
138+
| TaintedPath.js:202:14:202:37 | url.par ... , true) | semmle.label | url.par ... , true) |
139+
| TaintedPath.js:202:14:202:43 | url.par ... ).query | semmle.label | url.par ... ).query |
140+
| TaintedPath.js:202:14:202:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
141+
| TaintedPath.js:202:24:202:30 | req.url | semmle.label | req.url |
142+
| TaintedPath.js:206:29:206:32 | path | semmle.label | path |
143+
| TaintedPath.js:206:29:206:85 | path.re ... '), '') | semmle.label | path.re ... '), '') |
144+
| TaintedPath.js:211:7:211:48 | path | semmle.label | path |
145+
| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) |
146+
| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query |
147+
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
148+
| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url |
149+
| TaintedPath.js:213:29:213:32 | path | semmle.label | path |
150+
| TaintedPath.js:213:29:213:68 | path.re ... '), '') | semmle.label | path.re ... '), '') |
151+
| TaintedPath.js:216:31:216:34 | path | semmle.label | path |
152+
| TaintedPath.js:216:31:216:69 | path.re ... '), '') | semmle.label | path.re ... '), '') |
137153
| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath |
138154
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) |
139155
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query |
@@ -614,6 +630,20 @@ edges
614630
| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config |
615631
| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | provenance | |
616632
| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config |
633+
| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | provenance | |
634+
| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | provenance | Config |
635+
| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | provenance | Config |
636+
| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | provenance | |
637+
| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | provenance | Config |
638+
| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | provenance | Config |
639+
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | provenance | |
640+
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | provenance | |
641+
| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config |
642+
| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config |
643+
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | |
644+
| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config |
645+
| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | provenance | Config |
646+
| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | provenance | Config |
617647
| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | |
618648
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config |
619649
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config |
@@ -965,6 +995,9 @@ subpaths
965995
| TaintedPath.js:196:31:196:34 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:196:31:196:34 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
966996
| TaintedPath.js:197:45:197:48 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:197:45:197:48 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
967997
| TaintedPath.js:198:35:198:38 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:198:35:198:38 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
998+
| TaintedPath.js:206:29:206:85 | path.re ... '), '') | TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:206:29:206:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:202:24:202:30 | req.url | user-provided value |
999+
| TaintedPath.js:213:29:213:68 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:29:213:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
1000+
| TaintedPath.js:216:31:216:69 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:216:31:216:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
9681001
| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value |
9691002
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
9701003
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |

javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,11 @@ edges
131131
| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | provenance | |
132132
| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | provenance | |
133133
| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | provenance | |
134+
| lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:27 | name | provenance | |
135+
| lib/lib.js:633:6:633:68 | sanitized | lib/lib.js:634:22:634:30 | sanitized | provenance | |
136+
| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | provenance | |
137+
| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | provenance | |
138+
| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | lib/lib.js:633:6:633:68 | sanitized | provenance | |
134139
| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | provenance | |
135140
| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | provenance | |
136141
| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | provenance | |
@@ -322,6 +327,12 @@ nodes
322327
| lib/lib.js:609:22:609:25 | name | semmle.label | name |
323328
| lib/lib.js:626:29:626:32 | name | semmle.label | name |
324329
| lib/lib.js:629:25:629:28 | name | semmle.label | name |
330+
| lib/lib.js:632:38:632:41 | name | semmle.label | name |
331+
| lib/lib.js:633:6:633:68 | sanitized | semmle.label | sanitized |
332+
| lib/lib.js:633:24:633:27 | name | semmle.label | name |
333+
| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | semmle.label | name.re ... '\\\\''") |
334+
| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | semmle.label | name.re ... '\\\\''") |
335+
| lib/lib.js:634:22:634:30 | sanitized | semmle.label | sanitized |
325336
| lib/subLib2/compiled-file.ts:3:26:3:29 | name | semmle.label | name |
326337
| lib/subLib2/compiled-file.ts:4:25:4:28 | name | semmle.label | name |
327338
| lib/subLib2/special-file.js:3:28:3:31 | name | semmle.label | name |
@@ -442,6 +453,8 @@ subpaths
442453
| lib/lib.js:609:10:609:25 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:609:2:609:26 | cp.exec ... + name) | shell command |
443454
| lib/lib.js:626:17:626:32 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:626:9:626:33 | cp.exec ... + name) | shell command |
444455
| lib/lib.js:629:13:629:28 | "rm -rf " + name | lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:608:42:608:45 | name | library input | lib/lib.js:629:5:629:29 | cp.exec ... + name) | shell command |
456+
| lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command |
457+
| lib/lib.js:634:10:634:30 | "rm -rf ... nitized | lib/lib.js:632:38:632:41 | name | lib/lib.js:634:22:634:30 | sanitized | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:632:38:632:41 | name | library input | lib/lib.js:634:2:634:31 | cp.exec ... itized) | shell command |
445458
| lib/subLib2/compiled-file.ts:4:13:4:28 | "rm -rf " + name | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/compiled-file.ts:3:26:3:29 | name | library input | lib/subLib2/compiled-file.ts:4:5:4:29 | cp.exec ... + name) | shell command |
446459
| lib/subLib2/special-file.js:4:10:4:25 | "rm -rf " + name | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib2/special-file.js:3:28:3:31 | name | library input | lib/subLib2/special-file.js:4:2:4:26 | cp.exec ... + name) | shell command |
447460
| lib/subLib3/my-file.ts:4:10:4:25 | "rm -rf " + name | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/subLib3/my-file.ts:3:28:3:31 | name | library input | lib/subLib3/my-file.ts:4:2:4:26 | cp.exec ... + name) | shell command |

0 commit comments

Comments
 (0)