hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18653 from asgerf/js/source-on-same-line

Browse Source 
Test: Don't expect 'Source' tag when source and alert are on the same same
This commit is contained in:
Asger F
2025-02-04 11:01:46 +01:00
committed by GitHub
parent 3d3f07ad72 7bf69d92ca
commit 294fd0a7a7
3 changed files with 76 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
View File

@@ -13,7 +13,7 @@ express().post('/some/path', function (req, res) {
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Source=files $ Alert=files
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert
// OK - no entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })

88
rust/ql/test/query-tests/security/CWE-312/test_logging.rs
View File

@@ -39,51 +39,51 @@ impl std::fmt::Display for MyStruct2 {
fn test_log(harmless: String, password: String, encrypted_password: String) {
// logging macros
debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
info!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
trace!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
warn!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
error!("message = {}", password); // $ Alert[rust/cleartext-logging]
info!("message = {}", password); // $ Alert[rust/cleartext-logging]
trace!("message = {}", password); // $ Alert[rust/cleartext-logging]
warn!("message = {}", password); // $ Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
// debug! macro, various formatting
debug!("message");
debug!("message = {}", harmless);
debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
debug!("message = {}", encrypted_password);
debug!("message = {} {}", harmless, password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {} {}", harmless, password); // $ Alert[rust/cleartext-logging]
debug!("message = {harmless}");
debug!("message = {harmless} {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {password}"); // $ Source Alert[rust/cleartext-logging]
debug!("message = {password:?}"); // $ Source Alert[rust/cleartext-logging]
debug!("message = {harmless} {}", password); // $ Alert[rust/cleartext-logging]
debug!("message = {password}"); // $ Alert[rust/cleartext-logging]
debug!("message = {password:?}"); // $ Alert[rust/cleartext-logging]
debug!(target: "target", "message = {}", harmless);
debug!(target: "target", "message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!(target: &password, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
debug!(target: "target", "message = {}", password); // $ Alert[rust/cleartext-logging]
debug!(target: &password, "message = {}", harmless); // $ Alert[rust/cleartext-logging]
// log! macro, various formatting
log!(Level::Error, "message = {}", harmless);
log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
log!(target: "target", Level::Error, "message = {}", harmless);
log!(target: "target", Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(target: &password, Level::Error, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
log!(target: "target", Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
log!(target: &password, Level::Error, "message = {}", harmless); // $ Alert[rust/cleartext-logging]
// structured logging
error!(value = 1; "message = {}", harmless);
error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: "target", value = 1; "message");
error!(target: "target", value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: &password, value = 1; "message"); // $ Source Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: "target", value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: &password, value = 1; "message"); // $ Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(value = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]
error!(value:? = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]
let value1 = 1;
error!(value1; "message = {}", harmless);
error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: "target", value1; "message");
error!(target: "target", value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: &password, value1; "message"); // $ Source Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: "target", value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: &password, value1; "message"); // $ Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
let value2 = password.as_str();
error!(value2; "message"); // $ MISSING: Alert[rust/cleartext-logging]
@@ -115,7 +115,7 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
}
// logging with a call
trace!("message = {}", get_password()); // $ Source Alert[rust/cleartext-logging]
trace!("message = {}", get_password()); // $ Alert[rust/cleartext-logging]
let str1 = "123456".to_string();
trace!("message = {}", &str1); // $ MISSING: Alert[rust/cleartext-logging]
@@ -149,36 +149,36 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
}
fn test_std(password: String, i: i32, opt_i: Option<i32>) {
print!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
println!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
eprint!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
eprintln!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
print!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
println!("message = {}", password); // $ Alert[rust/cleartext-logging]
eprint!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
eprintln!("message = {}", password); // $ Alert[rust/cleartext-logging]
match i {
1 => { panic!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
2 => { todo!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
3 => { unimplemented!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
4 => { unreachable!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
5 => { assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
6 => { assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
7 => { assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
8 => { debug_assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Source Alert[rust/cleartext-logging]
1 => { panic!("message = {}", password); } // $ Alert[rust/cleartext-logging]
2 => { todo!("message = {}", password); } // $ Alert[rust/cleartext-logging]
3 => { unimplemented!("message = {}", password); } // $ Alert[rust/cleartext-logging]
4 => { unreachable!("message = {}", password); } // $ Alert[rust/cleartext-logging]
5 => { assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
6 => { assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
7 => { assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
8 => { debug_assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Alert[rust/cleartext-logging]
_ => {}
}
std::io::stdout().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
std::io::stderr().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
let mut out = std::io::stdout().lock();
out.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
out.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
let mut err = std::io::stderr().lock();
err.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
err.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
}
fn main() {

54
shared/util/codeql/util/test/InlineExpectationsTest.qll
View File

@@ -645,6 +645,21 @@ module TestPostProcessing {
private import InlineExpectationsTest as InlineExpectationsTest
private import InlineExpectationsTest::Make<Input>
/** Holds if the given locations refer to the same lines, but possibly with different column numbers. */
bindingset[loc1, loc2]
pragma[inline_late]
private predicate sameLineInfo(Input::Location loc1, Input::Location loc2) {
exists(string file, int line1, int line2 |
loc1.hasLocationInfo(file, line1, _, line2, _) and
loc2.hasLocationInfo(file, line1, _, line2, _)
)
}
pragma[nomagic]
private predicate mainQueryResult(int row, int column, Input::Location loc) {
queryResults(mainResultSet(), row, column, Input2::getRelativeUrl(loc))
}
/**
* Gets the tag to be used for the path-problem source at result row `row`.
*
@@ -653,8 +668,10 @@ module TestPostProcessing {
*/
private string getSourceTag(int row) {
getQueryKind() = "path-problem" and
exists(string loc | queryResults(mainResultSet(), row, 2, loc) |
if queryResults(mainResultSet(), row, 0, loc) then result = "Alert" else result = "Source"
exists(Input::Location sourceLoc, Input::Location selectLoc |
mainQueryResult(row, 0, selectLoc) and
mainQueryResult(row, 2, sourceLoc) and
if sameLineInfo(selectLoc, sourceLoc) then result = "Alert" else result = "Source"
)
}
@@ -719,13 +736,10 @@ module TestPostProcessing {
int row, Input::Location location, string element, string tag, string value
) {
getQueryKind() = "path-problem" and
exists(string loc |
queryResults(mainResultSet(), row, 2, loc) and
queryResults(mainResultSet(), row, 3, element) and
tag = getSourceTag(row) and
value = "" and
Input2::getRelativeUrl(location) = loc
)
mainQueryResult(row, 2, location) and
queryResults(mainResultSet(), row, 3, element) and
tag = getSourceTag(row) and
value = ""
}
predicate hasActualResult(Input::Location location, string element, string tag, string value) {
@@ -759,24 +773,18 @@ module TestPostProcessing {
int row, Input::Location location, string element, string tag
) {
getQueryKind() = "path-problem" and
exists(string loc |
queryResults(mainResultSet(), row, 4, loc) and
queryResults(mainResultSet(), row, 5, element) and
tag = getSinkTag(row) and
Input2::getRelativeUrl(location) = loc
)
mainQueryResult(row, 4, location) and
queryResults(mainResultSet(), row, 5, element) and
tag = getSinkTag(row)
}
private predicate hasAlert(int row, Input::Location location, string element, string tag) {
getQueryKind() = ["problem", "path-problem"] and
exists(string loc |
queryResults(mainResultSet(), row, 0, loc) and
queryResults(mainResultSet(), row, 2, element) and
tag = "Alert" and
Input2::getRelativeUrl(location) = loc and
not hasPathProblemSource(row, location, _, _, _) and
not hasPathProblemSink(row, location, _, _)
)
mainQueryResult(row, 0, location) and
queryResults(mainResultSet(), row, 2, element) and
tag = "Alert" and
not hasPathProblemSource(row, location, _, _, _) and
not hasPathProblemSink(row, location, _, _)
}
/**