hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Restrict getInput to indirect command injection query

Browse Source
This commit is contained in:
Asger F
2023-05-03 16:10:03 +02:00
parent b9ad4177f9
commit 1a9956354e
6 changed files with 43 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
View File

@@ -13,16 +13,9 @@ nodes
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| actions.js:5:10:5:50 | github. ... message |
| actions.js:5:10:5:50 | github. ... message |
| actions.js:5:10:5:50 | github. ... message |
| actions.js:6:10:6:33 | core.ge ... mbers') |
| actions.js:6:10:6:33 | core.ge ... mbers') |
| actions.js:6:10:6:33 | core.ge ... mbers') |
| actions.js:7:10:7:42 | core.ge ... mbers') |
| actions.js:7:10:7:42 | core.ge ... mbers') |
| actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
@@ -205,12 +198,7 @@ edges
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message |
| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') |
| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |