JS: Update CleartextLogging with fixed FP

Asger F
2024-10-23 13:20:34 +02:00
parent 18b39460f5
commit 1243188825
2 changed files with 2 additions and 10 deletions


@@ -9,9 +9,6 @@ edges
| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance | |
| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | provenance | |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | provenance | |
| passwords.js:28:9:28:17 | obj3 [x] | passwords.js:29:17:29:20 | obj3 | provenance | |
| passwords.js:30:5:30:8 | [post update] obj3 [x] | passwords.js:28:9:28:17 | obj3 [x] | provenance | |
| passwords.js:30:14:30:21 | password | passwords.js:30:5:30:8 | [post update] obj3 [x] | provenance | |
| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance | |
| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | provenance | |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance | |
@@ -97,10 +94,6 @@ nodes
| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] |
| passwords.js:24:12:24:19 | password | semmle.label | password |
| passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 |
| passwords.js:28:9:28:17 | obj3 [x] | semmle.label | obj3 [x] |
| passwords.js:29:17:29:20 | obj3 | semmle.label | obj3 |
| passwords.js:30:5:30:8 | [post update] obj3 [x] | semmle.label | [post update] obj3 [x] |
| passwords.js:30:14:30:21 | password | semmle.label | password |
| passwords.js:77:9:77:55 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] |
| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] |
| passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password |
@@ -192,7 +185,6 @@ subpaths
| passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password |
| passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password |
| passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password |
| passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password |
| passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password |
| passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | This logs sensitive data returned by $@ as clear text. | passwords.js:80:18:80:25 | password | an access to password |
| passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:93:39:93:46 | password | an access to password |


@@ -26,7 +26,7 @@
console.log(obj2); // NOT OK
var obj3 = {};
console.log(obj3); // OK - but still flagged due to flow-insensitive field-analysis. [INCONSISTENCY]
console.log(obj3); // OK
obj3.x = password;
var fixed_password = "123";
@@ -174,4 +174,4 @@ const debug = require('debug')('test');
const myPasscode = foo();
console.log(myPasscode); // NOT OK
});
});
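Review bot: The updated comment on `console.log(obj3); // OK` in the first hunk no longer says why the call is safe, which is not obvious at a glance because `password` is stored into the same object on the next line. I would keep a short rationale, for example `console.log(obj3); // OK - obj3.x is assigned only after this call`. The visible lines also show no log of `obj3` after `obj3.x = password;`, so unless one exists outside the hunk, adding `console.log(obj3); // NOT OK` there (with the matching expected-output rows) would pin that the fix removed only the false positive and did not also hide a real cleartext-logging flow. The enclosing function starts and ends outside the hunk.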