JS: Use in SensitiveActions test as an example

2026-04-26 17:25:19 +02:00 · 2025-04-03 13:21:26 +02:00
parent c49ffa01ee
commit 14c5495b4c
4 changed files with 27 additions and 25 deletions
--- a/javascript/ql/test/library-tests/SensitiveActions/tests.expected
+++ b/javascript/ql/test/library-tests/SensitiveActions/tests.expected
@@ -31,14 +31,14 @@ sensitiveAction
 | tst.js:23:1:23:25 | require ... .exit() |
 | tst.js:24:1:24:21 | global. ... .exit() |
 sensitiveExpr
-| tst.js:1:1:1:8 | password |
-| tst.js:2:1:2:8 | PassWord |
-| tst.js:3:1:3:21 | myPassw ... eartext |
-| tst.js:4:1:4:10 | x.password |
-| tst.js:5:1:5:11 | getPassword |
-| tst.js:5:1:5:13 | getPassword() |
-| tst.js:6:1:6:13 | x.getPassword |
-| tst.js:6:1:6:15 | x.getPassword() |
-| tst.js:7:1:7:15 | get("password") |
-| tst.js:8:1:8:17 | x.get("password") |
-| tst.js:21:1:21:6 | secret |
+| tst.js:1:1:1:8 | password | password |
+| tst.js:2:1:2:8 | PassWord | password |
+| tst.js:3:1:3:21 | myPassw ... eartext | password |
+| tst.js:4:1:4:10 | x.password | password |
+| tst.js:5:1:5:11 | getPassword | password |
+| tst.js:5:1:5:13 | getPassword() | password |
+| tst.js:6:1:6:13 | x.getPassword | password |
+| tst.js:6:1:6:15 | x.getPassword() | password |
+| tst.js:7:1:7:15 | get("password") | password |
+| tst.js:8:1:8:17 | x.get("password") | password |
+| tst.js:21:1:21:6 | secret | secret |
--- a/javascript/ql/test/library-tests/SensitiveActions/tests.ql
+++ b/javascript/ql/test/library-tests/SensitiveActions/tests.ql
@@ -20,4 +20,4 @@ query predicate processTermination(NodeJSLib::ProcessTermination term) { any() }

 query predicate sensitiveAction(SensitiveAction ac) { any() }

-query predicate sensitiveExpr(SensitiveNode e) { any() }
+query predicate sensitiveExpr(SensitiveNode e, string kind) { kind = e.getClassification() }
--- a/javascript/ql/test/library-tests/SensitiveActions/tests.qlref
+++ b/javascript/ql/test/library-tests/SensitiveActions/tests.qlref
@@ -0,0 +1,2 @@
+query: tests.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/javascript/ql/test/library-tests/SensitiveActions/tst.js
+++ b/javascript/ql/test/library-tests/SensitiveActions/tst.js
@@ -1,11 +1,11 @@
-password;
-PassWord;
-myPasswordInCleartext;
-x.password;
-getPassword();
-x.getPassword();
-get("password");
-x.get("password");
+password; // $ cleartextPasswordExpr sensitiveExpr=password
+PassWord; // $ cleartextPasswordExpr sensitiveExpr=password
+myPasswordInCleartext; // $ cleartextPasswordExpr sensitiveExpr=password
+x.password; // $ cleartextPasswordExpr sensitiveExpr=password
+getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password
+x.getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password
+get("password"); // $ cleartextPasswordExpr sensitiveExpr=password
+x.get("password"); // $ cleartextPasswordExpr sensitiveExpr=password

 hashed_password;
 password_hashed;
@@ -15,13 +15,13 @@ hashedPassword;

 var exit = require('exit');
 var e = process.exit;
-e();
-exit();
+e(); // $ processTermination sensitiveAction
+exit(); // $ processTermination sensitiveAction

-secret;
+secret; // $ sensitiveExpr=secret

-require("process").exit();
-global.process.exit();
+require("process").exit(); // $ processTermination sensitiveAction
+global.process.exit(); // $ processTermination sensitiveAction

 get("https://example.com/news?password=true")
 get("https://username:password@example.com")