hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test exposing source location of attribute after line break

Browse Source
This commit is contained in:
Asger Feldthaus
2021-01-21 11:25:39 +00:00
parent 7c6704a63f
commit 144d04f3ce
4 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/library-tests/frameworks/Angular2/inline.component.ts
View File

@@ -5,7 +5,7 @@ import { Input, Component } from '@angular/core';
template: `
<sink-component [sink7]="taint"></sink-component>
\n<sink-component [sink7]="taint"></sink-component>
\n<sink-component [sink9]="taint" [testAttr]="taint"></sink-component>
`
})
export class InlineComponent {

3
javascript/ql/test/library-tests/frameworks/Angular2/sink.component.ts
View File

@@ -14,7 +14,7 @@ export class SinkComponent {
sink6: string;
sink7: string;
sink8: string;
sink9: string;
constructor(private sanitizer: DomSanitizer) {}
@@ -27,5 +27,6 @@ export class SinkComponent {
this.sanitizer.bypassSecurityTrustHtml(this.sink6);
this.sanitizer.bypassSecurityTrustHtml(this.sink7);
this.sanitizer.bypassSecurityTrustHtml(this.sink8);
this.sanitizer.bypassSecurityTrustHtml(this.sink9);
}
}

3
javascript/ql/test/library-tests/frameworks/Angular2/test.expected
View File

@@ -23,6 +23,7 @@ pipeClassRef
| TestPipe.ts:4:8:9:1 | class T ... ;\\n }\\n} | source.component.html:6:19:6:26 | testPipe |
taintFlow
| inline.component.ts:15:22:15:29 | source() | sink.component.ts:28:48:28:57 | this.sink7 |
| inline.component.ts:15:22:15:29 | source() | sink.component.ts:30:48:30:57 | this.sink9 |
| source.component.ts:14:22:14:29 | source() | TestPipe.ts:6:31:6:35 | value |
| source.component.ts:14:22:14:29 | source() | sink.component.ts:22:48:22:57 | this.sink1 |
| source.component.ts:14:22:14:29 | source() | sink.component.ts:25:48:25:57 | this.sink4 |
@@ -31,3 +32,5 @@ taintFlow
| source.component.ts:14:22:14:29 | source() | sink.component.ts:29:48:29:57 | this.sink8 |
| source.component.ts:14:22:14:29 | source() | source.component.ts:20:48:20:48 | x |
| source.component.ts:15:33:15:40 | source() | sink.component.ts:22:48:22:57 | this.sink1 |
testAttrSourceLocation
| inline.component.ts:8:43:8:61 | [testAttr]=taint | inline.component.ts:8:55:8:59 | <toplevel> |

5
javascript/ql/test/library-tests/frameworks/Angular2/test.ql
View File

@@ -27,3 +27,8 @@ class TaintConfig extends TaintTracking::Configuration {
query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
any(TaintConfig c).hasFlow(source, sink)
}
query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) {
attrib.getName() = "[testAttr]" and
top = attrib.getCodeInAttribute()
}