From 0eccd902c2c54cce1767c8b3aedc96fbb5163f8e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 4 Mar 2026 11:41:34 +0000 Subject: [PATCH] js: Inline expectation should have space after $ This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `. --- .../frameworks/WebSocket/browser.js | 20 ++--- .../frameworks/WebSocket/client.js | 6 +- .../frameworks/WebSocket/server.js | 8 +- .../frameworks/WebSocket/sockjs.js | 8 +- .../SuspiciousMethodNameDeclaration/tst.ts | 22 ++--- .../UnhandledErrorInStreamPipeline/test.js | 48 +++++------ .../UnhandledErrorInStreamPipeline/tst.js | 16 ++-- .../Security/CWE-022/TaintedPath/execa.js | 10 +-- .../CWE-078/CommandInjection/execa.js | 38 ++++----- .../Security/CWE-918/serverSide.js | 80 +++++++++---------- .../Security/CWE-918/serverSide2.js | 24 +++--- .../LoopIterationSkippedDueToShifting/tst.js | 32 ++++---- 12 files changed, 156 insertions(+), 156 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index 4d82c113e08..f1063ff638d 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js 
@@ -1,34 +1,34 @@ (function () { - const socket = new WebSocket('ws://localhost:8080'); // $clientSocket + const socket = new WebSocket('ws://localhost:8080'); // $ clientSocket socket.addEventListener('open', function (event) { - socket.send('Hi from browser!'); // $clientSend + socket.send('Hi from browser!'); // $ clientSend }); socket.addEventListener('message', function (event) { console.log('Message from server ', event.data); // $ remoteFlow - }); // $clientReceive + }); // $ clientReceive socket.onmessage = function (event) { console.log("Message from server 2", event.data); // $ remoteFlow - }; // $clientReceive + }; // $ clientReceive })(); (function () { - var sock = new SockJS('http://0.0.0.0:9999/echo'); // $clientSocket + var sock = new SockJS('http://0.0.0.0:9999/echo'); // $ clientSocket sock.onopen = function () { - sock.send('test'); // $clientSend + sock.send('test'); // $ clientSend }; - + sock.onmessage = function (e) { console.log('message', e.data); // $ remoteFlow sock.close(); - }; // $clientReceive - + }; // $ clientReceive + sock.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); // $ remoteFlow - }); // $clientReceive + }); // $ clientReceive })(); export const MyWebSocket = WebSocket; diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index 7061d51a954..89d31052fd7 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js 
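Review bot: The hunk changes more than the regex named in the description: after `sock.send('test'); // $ clientSend` a line that appears to hold only trailing whitespace is replaced by an empty line, which a replacement of `// \$(?! )` with `// $ ` cannot produce. The same kind of out-of-scope edit recurs in the later hunks — `myNumber: 123;` in tst.ts, `s.pipe(d);` and `()=>{}` → `() => { }` in test.js, `function(req, res)` → `function (req, res)`, `{url: tainted}` → `{ url: tainted }` and whole re-indented blocks in serverSide.js, plus serverSide2.js and LoopIterationSkippedDueToShifting/tst.js — which looks like an editor formatter ran on the touched files. Either revert those lines so the diff matches the stated mechanical change, or extend the description, e.g. `Unrelated whitespace/formatting changes in these files come from the editor formatter running on save.` Keeping the mechanical edit on its own makes the expectation change reviewable at a glance.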
@@ -1,15 +1,15 @@ const WebSocket = require('ws'); (function () { - const ws = new WebSocket('ws://example.org'); // $clientSocket + const ws = new WebSocket('ws://example.org'); // $ clientSocket ws.on('open', function open() { - ws.send('Hi from client!'); // $clientSend + ws.send('Hi from client!'); // $ clientSend }); ws.on('message', function incoming(data) { // $ remoteFlow console.log(data); - }); // $clientReceive + }); // $ clientReceive })(); module.exports.MyWebSocketWS = require('ws'); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index a1fd536501e..44e0068a537 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -3,12 +3,12 @@ const WebSocket = require('ws'); (function () { const wss = new WebSocket.Server({ port: 8080 }); - wss.on('connection', function connection(ws) { // $serverSocket - ws.on('message', function incoming(message) { // $remoteFlow + wss.on('connection', function connection(ws) { // $ serverSocket + ws.on('message', function incoming(message) { // $ remoteFlow console.log('received: %s', message); - }); // $serverReceive + }); // $ serverReceive - ws.send('Hi from server!'); // $serverSend + ws.send('Hi from server!'); // $ serverSend }); })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js index 4b599cf5fed..ae8e8285ef4 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js 
@@ -5,11 +5,11 @@ const sockjs = require('sockjs'); const app = express(); const server = http.createServer(app); const sockjs_echo = sockjs.createServer({}); -sockjs_echo.on('connection', function (conn) { // $serverSocket - conn.on('data', function (message) { // $remoteFlow +sockjs_echo.on('connection', function (conn) { // $ serverSocket + conn.on('data', function (message) { // $ remoteFlow var data = JSON.parse(message); - conn.write(JSON.stringify(eval(data.test))); // $serverSend - }); // $serverReceive + conn.write(JSON.stringify(eval(data.test))); // $ serverSend + }); // $ serverReceive }); sockjs_echo.installHandlers(server, { prefix: '/echo' }); diff --git a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodNameDeclaration/tst.ts b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodNameDeclaration/tst.ts index 12a6087b3a3..307a1e0bbe2 100644 --- a/javascript/ql/test/query-tests/Declarations/SuspiciousMethodNameDeclaration/tst.ts +++ b/javascript/ql/test/query-tests/Declarations/SuspiciousMethodNameDeclaration/tst.ts @@ -7,7 +7,7 @@ interface MyInterface { constructor(): string; // $ Alert - This a called "constructor" new(): Date; // OK - This a constructor signature. - myNumber: 123; + myNumber: 123; } var a : MyFunction = null as any; @@ -25,7 +25,7 @@ class Foo { } myString = "foobar" - + myMethod(): boolean { return Math.random() > 0.5; } @@ -71,17 +71,17 @@ class StaticMethods { } interface Overloaded { - function(x: string): string; // $Alert - function(x: number): number; // $Alert - function(x: any): any; // $Alert + function(x: string): string; // $ Alert + function(x: number): number; // $ Alert + function(x: any): any; // $ Alert } abstract class AbstractFoo { - abstract new(): void; // $Alert + abstract new(): void; // $ Alert } abstract class AbstractFooFunction { - abstract function(): number; // $Alert + abstract function(): number; // $ Alert } abstract class AbstractFooConstructor { 
@@ -90,12 +90,12 @@ abstract class AbstractFooConstructor { declare module "some-module" { interface ModuleInterface { - function(): void; // $Alert + function(): void; // $ Alert } } type Intersection = { - function(): number; // $Alert + function(): number; // $ Alert } & { other(): string; }; @@ -107,13 +107,13 @@ type Union = { }; type Union2 = { - constructor(): number; // $Alert + constructor(): number; // $ Alert } | { valid(): string; }; type Intersection2 = { - constructor(): number; // $Alert + constructor(): number; // $ Alert } & { other(): string; }; diff --git a/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/test.js b/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/test.js index a253f7edf00..d3b23d519d6 100644 --- a/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/test.js +++ b/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/test.js @@ -1,7 +1,7 @@ function test() { { const stream = getStream(); - stream.pipe(destination).on("error", e); // $Alert + stream.pipe(destination).on("error", e); // $ Alert } { const stream = getStream(); @@ -16,7 +16,7 @@ function test() { { const stream = getStream(); const s2 = stream; - s2.pipe(dest).on("error", e); // $Alert + s2.pipe(dest).on("error", e); // $ Alert } { const stream = getStream(); @@ -33,7 +33,7 @@ function test() { { const s = getStream().on('error', handler); const d = getDest(); - s.pipe(d); + s.pipe(d); } { getStream().on('error', handler).pipe(dest); 
@@ -42,12 +42,12 @@ function test() { const stream = getStream(); stream.on('error', handleError); const stream2 = stream.pipe(destination); - stream2.pipe(destination2).on("error", e); // $Alert + stream2.pipe(destination2).on("error", e); // $ Alert } { const stream = getStream(); stream.on('error', handleError); - const destination = getDest(); + const destination = getDest(); destination.on('error', handleError); const stream2 = stream.pipe(destination); const s3 = stream2; @@ -57,13 +57,13 @@ function test() { const stream = getStream(); stream.on('error', handleError); const stream2 = stream.pipe(destination); - stream2.pipe(destination2).on("error", e); // $Alert + stream2.pipe(destination2).on("error", e); // $ Alert } { // Error handler on destination instead of source const stream = getStream(); const dest = getDest(); dest.on('error', handler); - stream.pipe(dest).on("error", e); // $Alert + stream.pipe(dest).on("error", e); // $ Alert } { // Multiple aliases, error handler on one const stream = getStream(); @@ -76,7 +76,7 @@ function test() { const stream = getStream(); const s2 = stream.pipe(destination1); stream.on('error', handleError); - s2.pipe(destination2).on("error", e); // $Alert + s2.pipe(destination2).on("error", e); // $ Alert } { // Handler registered via .once const stream = getStream(); 
@@ -91,24 +91,24 @@ function test() { { // Handler registered for unrelated event const stream = getStream(); stream.on('close', handleClose); - stream.pipe(dest).on("error", e); // $Alert + stream.pipe(dest).on("error", e); // $ Alert } { // Error handler registered after pipe, but before error const stream = getStream(); stream.pipe(dest); - setTimeout(() => stream.on('error', handleError), 8000); // $MISSING:Alert + setTimeout(() => stream.on('error', handleError), 8000); // $ MISSING:Alert } { // Pipe in a function, error handler outside const stream = getStream(); - function doPipe(s) { s.pipe(dest); } + function doPipe(s) { s.pipe(dest); } stream.on('error', handleError); doPipe(stream); } { // Pipe in a function, error handler not set const stream = getStream(); - function doPipe(s) { - f = s.pipe(dest); // $Alert - f.on("error", e); + function doPipe(s) { + f = s.pipe(dest); // $ Alert + f.on("error", e); } doPipe(stream); } @@ -116,7 +116,7 @@ function test() { const stream = getStream(); const event = 'error'; stream.on(event, handleError); - stream.pipe(dest).on("error", e); // $SPURIOUS:Alert + stream.pipe(dest).on("error", e); // $ SPURIOUS:Alert } { // Handler assigned via variable property const stream = getStream(); @@ -125,7 +125,7 @@ function test() { stream.pipe(dest); } { // Pipe with no intermediate variable, no error handler - getStream().pipe(dest).on("error", e); // $Alert + getStream().pipe(dest).on("error", e); // $ Alert } { // Handler set via .addListener synonym const stream = getStream(); @@ -143,7 +143,7 @@ function test() { } { // Long chained pipe without error handler const stream = getStream(); - stream.pause().setEncoding('utf8').resume().pipe(writable).on("error", e); // $Alert + stream.pause().setEncoding('utf8').resume().pipe(writable).on("error", e); // $ Alert } { // Long chained pipe without error handler const stream = getStream(); 
@@ -157,13 +157,13 @@ function test() { const notStream = getNotAStream(); const result = notStream.pipe(writable); const dealWithResult = (result) => { result.subscribe(); }; - dealWithResult(result); + dealWithResult(result); } { // Non-stream with pipe method that returns subscribable object (Streams do not have subscribe method) const notStream = getNotAStream(); const pipeIt = (someVariable) => { return someVariable.pipe(something); }; let x = pipeIt(notStream); - x.subscribe(); + x.subscribe(); } { // Calling custom pipe method with no arguments const notStream = getNotAStream(); @@ -179,7 +179,7 @@ function test() { } { // Member access on a stream after pipe const notStream = getNotAStream(); - const val = notStream.pipe(writable).on("error", e).readable; // $Alert + const val = notStream.pipe(writable).on("error", e).readable; // $ Alert } { // Method access on a non-stream after pipe const notStream = getNotAStream(); @@ -189,14 +189,14 @@ function test() { const fs = require('fs'); const stream = fs.createReadStream('file.txt'); const copyStream = stream; - copyStream.pipe(destination).on("error", e); // $Alert + copyStream.pipe(destination).on("error", e); // $ Alert } { const notStream = getNotAStream(); const something = notStream.someNotStreamPropertyAccess; const val = notStream.pipe(writable); } - { + { const notStream = getNotAStream(); const something = notStream.someNotStreamPropertyAccess(); const val = notStream.pipe(writable); @@ -207,7 +207,7 @@ function test() { } { const notStream = getNotAStream(); - notStream.pipe(()=>{}); + notStream.pipe(() => { }); } { const plumber = require('gulp-plumber'); @@ -230,6 +230,6 @@ function test() { } { const notStream = getNotAStream(); - notStream.pipe(getStream(),()=>{}); + notStream.pipe(getStream(), () => { }); } } 
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/tst.js b/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/tst.js index 46bf969255f..c8e53c4f73e 100644 --- a/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/tst.js +++ b/javascript/ql/test/query-tests/Quality/UnhandledErrorInStreamPipeline/tst.js @@ -1,11 +1,11 @@ const fs = require('fs'); const zlib = require('zlib'); -function foo(){ +function foo() { const source = fs.createReadStream('input.txt'); const gzip = zlib.createGzip(); const destination = fs.createWriteStream('output.txt.gz'); - source.pipe(gzip).pipe(destination); // $Alert + source.pipe(gzip).pipe(destination); // $ Alert gzip.on('error', e); } class StreamWrapper { @@ -34,14 +34,14 @@ function zip1() { function zip2() { const zipStream = createWriteStream(zipPath); let wrapper = new StreamWrapper(); - let outStream = wrapper.outputStream.pipe(zipStream); // $Alert + let outStream = wrapper.outputStream.pipe(zipStream); // $ Alert outStream.on('error', e); } function zip3() { const zipStream = createWriteStream(zipPath); let wrapper = new StreamWrapper(); - wrapper.outputStream.pipe(zipStream); // $Alert + wrapper.outputStream.pipe(zipStream); // $ Alert zipStream.on('error', e); } @@ -49,14 +49,14 @@ function zip3() { const zipStream = createWriteStream(zipPath); let wrapper = new StreamWrapper(); let source = getStream(); - source.pipe(wrapper.outputStream); // $Alert + source.pipe(wrapper.outputStream); // $ Alert wrapper.outputStream.on('error', e); } function zip4() { const zipStream = createWriteStream(zipPath); let stream = getStream(); - let output = stream.pipe(zipStream); // $Alert + let output = stream.pipe(zipStream); // $ Alert output.on('error', e); } 
@@ -89,7 +89,7 @@ class StreamWrapper3 { function zip5() { const zipStream = createWriteStream(zipPath); let wrapper = new StreamWrapper3(); - wrapper.pipeIt(zipStream); // $MISSING:Alert + wrapper.pipeIt(zipStream); // $ MISSING:Alert zipStream.on('error', e); } function zip6() { @@ -108,6 +108,6 @@ function zip7() { const zipStream = createWriteStream(zipPath); let stream = getStream(); registerErr(stream, e); - stream.pipe(zipStream); // $SPURIOUS:Alert + stream.pipe(zipStream); // $ SPURIOUS:Alert zipStream.on('error', e); } diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js index 8fcfdd42c67..76c1b0b305f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/execa.js @@ -3,17 +3,17 @@ import http from 'node:http' import url from 'url' http.createServer(async function (req, res) { - let filePath = url.parse(req.url, true).query["filePath"][0]; // $Source + let filePath = url.parse(req.url, true).query["filePath"][0]; // $ Source // Piping to stdin from a file - await $({ inputFile: filePath })`cat` // $Alert + await $({ inputFile: filePath })`cat` // $ Alert // Piping to stdin from a file - await execa('cat', { inputFile: filePath }); // $Alert + await execa('cat', { inputFile: filePath }); // $ Alert // Piping Stdout to file - await execa('echo', ['example3']).pipeStdout(filePath); // $Alert + await execa('echo', ['example3']).pipeStdout(filePath); // $ Alert // Piping all of command output to file - await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // $Alert + await execa('echo', ['example4'], { all: true }).pipeAll(filePath); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js index ed7f8832f9c..c78c1f56da5 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/execa.js 
@@ -3,33 +3,33 @@ import http from 'node:http' import url from 'url' http.createServer(async function (req, res) { - let cmd = url.parse(req.url, true).query["cmd"][0]; // $Source - let arg1 = url.parse(req.url, true).query["arg1"]; // $Source - let arg2 = url.parse(req.url, true).query["arg2"]; // $Source - let arg3 = url.parse(req.url, true).query["arg3"]; // $Source + let cmd = url.parse(req.url, true).query["cmd"][0]; // $ Source + let arg1 = url.parse(req.url, true).query["arg1"]; // $ Source + let arg2 = url.parse(req.url, true).query["arg2"]; // $ Source + let arg3 = url.parse(req.url, true).query["arg3"]; // $ Source - await $`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert + await $`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert await $`ssh ${arg1} ${arg2} ${arg3}`; // safely escapes variables, preventing shell injection. - $({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert - $({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert + $({ shell: false }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert + $({ shell: true }).sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert $({ shell: false }).sync`ssh ${arg1} ${arg2} ${arg3}`; // safely escapes variables, preventing shell injection. - $.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert + $.sync`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert $.sync`ssh ${arg1} ${arg2} ${arg3}`; // safely escapes variables, preventing shell injection. - await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert - await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}`; // $Alert + await $({ shell: true })`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert + await $({ shell: false })`${cmd} ${arg1} ${arg2} ${arg3}`; // $ Alert await $({ shell: false })`ssh ${arg1} ${arg2} ${arg3}`; // safely escapes variables, preventing shell injection. 
- await execa(cmd, [arg1, arg2, arg3]); // $Alert - await execa(cmd, { shell: true }); // $Alert - await execa(cmd, [arg1, arg2, arg3], { shell: true }); // $Alert + await execa(cmd, [arg1, arg2, arg3]); // $ Alert + await execa(cmd, { shell: true }); // $ Alert + await execa(cmd, [arg1, arg2, arg3], { shell: true }); // $ Alert - execaSync(cmd, [arg1, arg2, arg3]); // $Alert - execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // $Alert + execaSync(cmd, [arg1, arg2, arg3]); // $ Alert + execaSync(cmd, [arg1, arg2, arg3], { shell: true }); // $ Alert - await execaCommand(cmd + arg1 + arg2 + arg3); // $Alert - await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // $Alert + await execaCommand(cmd + arg1 + arg2 + arg3); // $ Alert + await execaCommand(cmd + arg1 + arg2 + arg3, { shell: true }); // $ Alert - execaCommandSync(cmd + arg1 + arg2 + arg3); // $Alert - execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // $Alert + execaCommandSync(cmd + arg1 + arg2 + arg3); // $ Alert + execaCommandSync(cmd + arg1 + arg2 + arg3, { shell: true }); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js b/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js index c578b268e40..38f2bb72ac3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js +++ b/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js @@ -10,7 +10,7 @@ import url from 'url'; let XhrIo = goog.require('goog.net.XhrIo'); let Uri = goog.require('goog.Uri'); -var server = http.createServer(function(req, res) { +var server = http.createServer(function (req, res) { var tainted = url.parse(req.url, true).query.url; // $ Source[js/request-forgery] request("example.com"); 
@@ -31,7 +31,7 @@ var server = http.createServer(function(req, res) { request("http://example.com/?" + tainted); - http.get(relativeUrl, {host: tainted}); // $ Alert[js/request-forgery] + http.get(relativeUrl, { host: tainted }); // $ Alert[js/request-forgery] XhrIo.send(new Uri(tainted)); // $ Alert[js/request-forgery] new XhrIo().send(new Uri(tainted)); // $ Alert[js/request-forgery] @@ -54,23 +54,23 @@ var server = http.createServer(function(req, res) { }) var CDP = require("chrome-remote-interface"); -var server = http.createServer(async function(req, res) { +var server = http.createServer(async function (req, res) { var tainted = url.parse(req.url, true).query.url; // $ Source[js/request-forgery] var client = await CDP(options); - client.Page.navigate({url: tainted}); // $ Alert[js/request-forgery] - - CDP(options).catch((ignored) => {}).then((client) => { - client.Page.navigate({url: tainted}); // $ Alert[js/request-forgery] - }) - - CDP(options, (client) => { - client.Page.navigate({url: tainted}); // $ Alert[js/request-forgery] - }); + client.Page.navigate({ url: tainted }); // $ Alert[js/request-forgery] + + CDP(options).catch((ignored) => { }).then((client) => { + client.Page.navigate({ url: tainted }); // $ Alert[js/request-forgery] + }) + + CDP(options, (client) => { + client.Page.navigate({ url: tainted }); // $ Alert[js/request-forgery] + }); }) -import {JSDOM} from "jsdom"; -var server = http.createServer(async function(req, res) { +import { JSDOM } from "jsdom"; +var server = http.createServer(async function (req, res) { var tainted = url.parse(req.url, true).query.url; // $ Source[js/request-forgery] JSDOM.fromURL(tainted); // $ Alert[js/request-forgery] 
@@ -93,8 +93,8 @@ router.get('/', async (ctx, next) => { }); app.use(router.routes()); -import {JSDOM} from "jsdom"; -var server = http.createServer(async function(req, res) { +import { JSDOM } from "jsdom"; +var server = http.createServer(async function (req, res) { var tainted = url.parse(req.url, true).query.url; // $ Source[js/request-forgery] new WebSocket(tainted); // $ Alert[js/request-forgery] @@ -103,23 +103,23 @@ var server = http.createServer(async function(req, res) { import * as ws from 'ws'; -new ws.Server({ port: 8080 }).on('connection', function(socket, request) { - socket.on('message', function(message) { - const url = request.url; // $ Source[js/request-forgery] - const socket = new ws(url); // $ Alert[js/request-forgery] - }); +new ws.Server({ port: 8080 }).on('connection', function (socket, request) { + socket.on('message', function (message) { + const url = request.url; // $ Source[js/request-forgery] + const socket = new ws(url); // $ Alert[js/request-forgery] + }); }); new ws.Server({ port: 8080 }).on('connection', function (socket, request) { - socket.on('message', function (message) { - const url = new URL(request.url, base); // $ Source[js/request-forgery] - const target = new URL(url.pathname, base); - const socket = new ws(url); // $ Alert[js/request-forgery] - }); + socket.on('message', function (message) { + const url = new URL(request.url, base); // $ Source[js/request-forgery] + const target = new URL(url.pathname, base); + const socket = new ws(url); // $ Alert[js/request-forgery] + }); }); -var server2 = http.createServer(function(req, res) { +var server2 = http.createServer(function (req, res) { var tainted = url.parse(req.url, true).query.url; // $ Source[js/request-forgery] axios({ 
@@ -127,22 +127,22 @@ var server2 = http.createServer(function(req, res) { url: tainted // $ Sink[js/request-forgery] }) // $ Alert[js/request-forgery] - var myUrl = `${something}/bla/${tainted}`; + var myUrl = `${something}/bla/${tainted}`; axios.get(myUrl); // $ Alert[js/request-forgery] - var myEncodedUrl = `${something}/bla/${encodeURIComponent(tainted)}`; + var myEncodedUrl = `${something}/bla/${encodeURIComponent(tainted)}`; axios.get(myEncodedUrl); }) -var server2 = http.createServer(function(req, res) { - const { URL } = require('url'); - const input = req.query.url; // $Source[js/request-forgery] - const target = new URL(input); - axios.get(target.toString()); // $Alert[js/request-forgery] - axios.get(target); // $Alert[js/request-forgery] - axios.get(target.href); // $Alert[js/request-forgery] - const encodedUrl = encodeURI(input); - axios.get(encodedUrl); // $Alert[js/request-forgery] - const escapedUrl = escape(input); - axios.get(escapedUrl); // $Alert[js/request-forgery] +var server2 = http.createServer(function (req, res) { + const { URL } = require('url'); + const input = req.query.url; // $ Source[js/request-forgery] + const target = new URL(input); + axios.get(target.toString()); // $ Alert[js/request-forgery] + axios.get(target); // $ Alert[js/request-forgery] + axios.get(target.href); // $ Alert[js/request-forgery] + const encodedUrl = encodeURI(input); + axios.get(encodedUrl); // $ Alert[js/request-forgery] + const escapedUrl = escape(input); + axios.get(escapedUrl); // $ Alert[js/request-forgery] }); diff --git a/javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js b/javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js index 7743d0eec38..77919eb4074 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js +++ b/javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js 
@@ -6,22 +6,22 @@ const app = express(); const PORT = 3000; app.use((req, res, next) => { - req.parsedQueryFromParsedUrl = qs.parse(req._parsedUrl.query); // $Source[js/request-forgery] - req.parsedQuery.url = req.url || {}; // $Source[js/request-forgery] - req.SomeObject.url = req.url; // $Source[js/request-forgery] + req.parsedQueryFromParsedUrl = qs.parse(req._parsedUrl.query); // $ Source[js/request-forgery] + req.parsedQuery.url = req.url || {}; // $ Source[js/request-forgery] + req.SomeObject.url = req.url; // $ Source[js/request-forgery] next(); }); app.get('/proxy', async (req, res) => { - const targetUrl = req.parsedQuery.url; - const response = await axios.get(targetUrl); // $Alert[js/request-forgery] + const targetUrl = req.parsedQuery.url; + const response = await axios.get(targetUrl); // $ Alert[js/request-forgery] - const targetUrl1 = req.parsedQueryFromParsedUrl.url; - const response1 = await axios.get(targetUrl1); // $Alert[js/request-forgery] - - const targetUrl2 = req.url || {}; // $Source[js/request-forgery] - const response2 = await axios.get(targetUrl2); // $Alert[js/request-forgery] + const targetUrl1 = req.parsedQueryFromParsedUrl.url; + const response1 = await axios.get(targetUrl1); // $ Alert[js/request-forgery] - const targetUrl3 = req.SomeObject.url || {}; - const response3 = await axios.get(targetUrl3); // $Alert[js/request-forgery] + const targetUrl2 = req.url || {}; // $ Source[js/request-forgery] + const response2 = await axios.get(targetUrl2); // $ Alert[js/request-forgery] + + const targetUrl3 = req.SomeObject.url || {}; + const response3 = await axios.get(targetUrl3); // $ Alert[js/request-forgery] }); diff --git a/javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/tst.js b/javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/tst.js index 01f046d1c1e..b3fd2bfa6bc 100644 --- a/javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/tst.js 
+++ b/javascript/ql/test/query-tests/Statements/LoopIterationSkippedDueToShifting/tst.js @@ -33,8 +33,8 @@ function decrementAfter(string) { let parts = string.split('/'); for (let i = 0; i < parts.length; ++i) { if (parts[i] === 'X') { - parts.splice(i, 1); - --i; + parts.splice(i, 1); + --i; } } return parts.join('/'); @@ -44,7 +44,7 @@ function postDecrementArgument(string) { let parts = string.split('/'); for (let i = 0; i < parts.length; ++i) { if (parts[i] === 'X') { - parts.splice(i--, 1); + parts.splice(i--, 1); } } return parts.join('/'); @@ -55,8 +55,8 @@ function breakAfter(string) { let parts = string.split('/'); for (let i = 0; i < parts.length; ++i) { if (parts[i] === 'X') { - parts.splice(i, 1); // OK - only removes first occurrence - break; + parts.splice(i, 1); // OK - only removes first occurrence + break; } } return parts.join('/'); @@ -66,7 +66,7 @@ function insertNewElements(string) { let parts = string.split('/'); for (let i = 0; i < parts.length; ++i) { if (parts[i] === 'X') { - parts.splice(i, 1, '.'); // OK - no shifting due to insert + parts.splice(i, 1, '.'); // OK - no shifting due to insert } } return parts.join('/'); @@ -89,7 +89,7 @@ function spliceAfterLoopNested(string) { for (let j = 0; j < parts.length; ++j) { let i = j; for (; i < parts.length; ++i) { - if (parts[i] === 'X') break; + if (parts[i] === 'X') break; } parts.splice(i, 1); // OK - not inside 'i' loop } @@ -124,10 +124,10 @@ function inspectNextElement(string) { function withTryCatch(pendingCSS) { for (let i = 0; i < pendingCSS.length; ++i) { - try { - pendingCSS.splice(i, 1); // $ SPURIOUS:Alert - i -= 1; - } catch (ex) {} + try { + pendingCSS.splice(i, 1); // $ SPURIOUS:Alert + i -= 1; + } catch (ex) { } } } @@ -139,9 +139,9 @@ function andOperand(toc) { function ifStatement(toc) { for (let i = 0; i < toc.length; i++) { - if(toc[i].ignoreSubHeading){ - if(toc.splice(i, 1)){ - i--; + if (toc[i].ignoreSubHeading) { + if (toc.splice(i, 1)) { + i--; } } } 
@@ -149,8 +149,8 @@ function ifStatement(toc) { function ifStatement2(toc) { for (let i = 0; i < toc.length; i++) { - if(toc[i].ignoreSubHeading){ - if(!toc.splice(i, 1)){ // $Alert + if (toc[i].ignoreSubHeading) { + if (!toc.splice(i, 1)) { // $ Alert i--; } }