hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactored ReplySource to ReplyCall. Got rid of unnecessary ref()

Browse Source
This commit is contained in:
Alvaro Muñoz
2022-10-25 11:42:48 +02:00
parent 742e4aa471
commit 37ea3f23f1
4 changed files with 246 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
javascript/ql/lib/semmle/javascript/frameworks/Spife.qll
View File

@@ -186,7 +186,7 @@ module Spife {
string kind;
ContextInputAccess() {
this = request.ref().getAMethodCall("get")
this = request.ref().getAMethodCall("get") and
kind = "path"
}
@@ -217,29 +217,25 @@ module Spife {
* A Spife response source, that is, the response variable used by a
* route handler.
*/
private class ReplySource extends Http::Servers::ResponseSource instanceof DataFlow::CallNode {
ReplySource() {
// const reply = require("@npm/spife/reply")
private class ReplyCall extends API::CallNode {
ReplyCall() {
// reply(resp)
this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getACall()
or
// reply.header(resp, 'foo', 'bar')
this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getACall() or
this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getAMember().getACall()
}
private DataFlow::SourceNode reachesHandlerReturn(DataFlow::TypeTracker t) {
result = this and
t.start()
or
exists(DataFlow::TypeTracker t2 | result = this.reachesHandlerReturn(t2).track(t2, t))
predicate isDirectReplyCall() {
this = API::moduleImport(["@npm/spife/reply", "spife/reply"]).getACall()
}
/**
* Gets the route handler that provides this response.
*/
override RouteHandler getRouteHandler() {
RouteHandler getRouteHandler() {
exists(RouteHandler handler |
handler.(DataFlow::FunctionNode).getAReturn().getALocalSource() =
this.reachesHandlerReturn(DataFlow::TypeTracker::end()) and
handler.getAReturn() = this.getReturn().getAValueReachableFromSource() and
result = handler
)
}
@@ -248,47 +244,46 @@ module Spife {
/**
* An HTTP header defined in a Spife response.
*/
private class HeaderDefinition extends Http::ExplicitHeaderDefinition, DataFlow::MethodCallNode instanceof ReplySource {
HeaderDefinition() {
private class SingleHeaderDefinition extends Http::ExplicitHeaderDefinition instanceof ReplyCall {
SingleHeaderDefinition() {
// reply.header(RESPONSE, 'Cache-Control', 'no-cache')
exists(DataFlow::MethodCallNode call |
this.ref() = call and
call.getMethodName() = "header" and
call.getNumArgument() = 3
)
this.getCalleeName() = "header" and
this.getNumArgument() = 3
}
override predicate definesHeaderValue(string headerName, DataFlow::Node headerValue) {
// reply.header(RESPONSE, 'Cache-Control', 'no-cache')
this.getNameNode().mayHaveStringValue(headerName) and
headerValue = this.getArgument(2)
headerValue = this.(DataFlow::MethodCallNode).getArgument(2)
}
override DataFlow::Node getNameNode() { result = this.getArgument(1) }
override DataFlow::Node getNameNode() {
result = this.(DataFlow::MethodCallNode).getArgument(1)
}
override RouteHandler getRouteHandler() { result = this.getRouteHandler() }
override RouteHandler getRouteHandler() { result = this.(ReplyCall).getRouteHandler() }
}
/**
* An invocation that sets any number of headers of the HTTP response.
*/
private class MultipleHeaderDefinitions extends Http::ExplicitHeaderDefinition, DataFlow::CallNode {
ReplySource reply;
private class MultipleHeaderDefinitions extends Http::ExplicitHeaderDefinition instanceof ReplyCall {
MultipleHeaderDefinitions() {
// reply.header(RESPONSE, {'Cache-Control': 'no-cache'})
// reply(RESPONSE, {'Cache-Control': 'no-cache'})
exists(DataFlow::CallNode call | call = [reply.ref(), reply.ref().getAMethodCall("header")] |
call.getAnArgument().getALocalSource() instanceof DataFlow::ObjectLiteralNode and
this = call
)
(
// reply.header(RESPONSE, {'Cache-Control': 'no-cache'})
this.getCalleeName() = "header"
or
// reply(RESPONSE, {'Cache-Control': 'no-cache'})
this.isDirectReplyCall()
) and
this.getAnArgument().getALocalSource() instanceof DataFlow::ObjectLiteralNode
}
/**
* Gets a reference to the multiple headers object that is to be set.
*/
private DataFlow::ObjectLiteralNode getAHeaderSource() {
result = this.getAnArgument().getALocalSource()
DataFlow::ObjectLiteralNode getAHeaderSource() {
result = this.(DataFlow::CallNode).getAnArgument().getALocalSource()
}
override predicate definesHeaderValue(string headerName, DataFlow::Node headerValue) {
@@ -302,58 +297,108 @@ module Spife {
result = this.getAHeaderSource().getAPropertyWrite().getPropertyNameExpr().flow()
}
override RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
override RouteHandler getRouteHandler() { result = this.(ReplyCall).getRouteHandler() }
}
/**
* A header produced by a route handler with no explicit declaration of a Content-Type.
*/
private class ContentTypeRouteHandlerHeader extends Http::ImplicitHeaderDefinition,
DataFlow::FunctionNode instanceof RouteHandler {
private class ContentTypeRouteHandlerHeader extends Http::ImplicitHeaderDefinition instanceof RouteHandler {
override predicate defines(string headerName, string headerValue) {
headerName = "content-type" and headerValue = "application/json"
}
override Http::RouteHandler getRouteHandler() { result = this }
override RouteHandler getRouteHandler() { result = this }
}
/**
* An HTTP cookie defined in a Spife HTTP response.
*/
private class CookieDefinition extends Http::CookieDefinition, DataFlow::MethodCallNode {
private class CookieDefinition extends Http::CookieDefinition instanceof ReplyCall {
CookieDefinition() {
// reply.cookie(RESPONSE, 'TEST', 'FOO', {"maxAge": 1000, "httpOnly": true, "secure": true})
this = any(ReplySource r).ref().getAMethodCall("cookie")
this.getCalleeName() = "cookie"
}
override DataFlow::Node getNameArgument() { result = this.getArgument(1) }
// this = any(ReplyCall r).ref().getAMethodCall("cookie")
override DataFlow::Node getNameArgument() { result = this.(ReplyCall).getArgument(1) }
override DataFlow::Node getValueArgument() { result = this.getArgument(2) }
override DataFlow::Node getValueArgument() { result = this.(ReplyCall).getArgument(2) }
override RouteHandler getRouteHandler() { result = this.getRouteHandler() }
override RouteHandler getRouteHandler() { result = this.(ReplyCall).getRouteHandler() }
}
/**
* A response argument passed to the `reply` method.
* A response sent using a method on the `reply` object.
*/
private class ReplyArgument extends Http::ResponseSendArgument, DataFlow::Node {
private class ReplyMethodCallArgument extends Http::ResponseSendArgument {
ReplyCall reply;
ReplyMethodCallArgument() {
// reply.header(RESPONSE, {'Cache-Control': 'no-cache'})
reply.getCalleeName() =
["cookie", "link", "header", "headers", "raw", "status", "toStream", "vary"] and
reply.getArgument(0) = this
}
override RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
}
/**
* A response sent using the `reply()` method.
*/
private class ReplyCallArgument extends Http::ResponseSendArgument {
ReplyCall reply;
ReplyCallArgument() {
// reply(RESPONSE, {'Cache-Control': 'no-cache'})
reply.isDirectReplyCall() and
reply.getArgument(0) = this
}
override RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
}
/**
* The return statement for a route handler.
*/
private class RouteHandlerReturn extends Http::ResponseSendArgument {
RouteHandler rh;
ReplyArgument() {
exists(ReplySource reply, DataFlow::CallNode call |
reply.ref() = call and
call.getCalleeName() =
["reply", "cookie", "link", "header", "headers", "raw", "status", "toStream", "vary"] and
this = call.getArgument(0) and
rh = reply.getRouteHandler()
)
or
this = rh.getAReturn()
RouteHandlerReturn() {
this = rh.getAReturn() and not this.getALocalSource() instanceof ReplyCall
}
override RouteHandler getRouteHandler() { result = rh }
}
/**
* A call to `reply.template('template', { ... })`, seen as a template instantiation.
*/
private class TemplateCall extends Templating::TemplateInstantiation::Range instanceof ReplyCall {
TemplateCall() { this.getCalleeName() = "template" }
override DataFlow::SourceNode getOutput() { result = this }
override DataFlow::Node getTemplateFileNode() { result = this.(ReplyCall).getArgument(0) }
override DataFlow::Node getTemplateParamsNode() { result = this.(ReplyCall).getArgument(1) }
}
/**
* An object passed to the `template` method of the reply object.
*/
private class TemplateObjectInput extends DataFlow::Node {
TemplateCall call;
TemplateObjectInput() { this = call.(ReplyCall).getArgument(1) }
/**
* Gets the route handler that uses this object.
*/
RouteHandler getRouteHandler() { result = call.(ReplyCall).getRouteHandler() }
}
/**
* An expression passed to the `template` method of the reply object
* as the value of a template variable.
@@ -361,55 +406,19 @@ module Spife {
private class TemplateInput extends Http::ResponseBody {
TemplateObjectInput obj;
TemplateInput() {
obj.getALocalSource().(DataFlow::ObjectLiteralNode).hasPropertyWrite(_, this)
}
TemplateInput() { obj.getALocalSource().hasPropertyWrite(_, this) }
override RouteHandler getRouteHandler() { result = obj.getRouteHandler() }
}
/**
* An object passed to the `template` method of the reply object.
*/
private class TemplateObjectInput extends DataFlow::Node {
ReplySource reply;
TemplateObjectInput() {
exists(DataFlow::MethodCallNode call |
reply.ref() = call and
call.getMethodName() = "template" and
this = call.getArgument(1)
)
}
/**
* Gets the route handler that uses this object.
*/
RouteHandler getRouteHandler() { result = reply.getRouteHandler() }
}
/**
* An invocation of the `redirect` method of an HTTP response object.
*/
private class RedirectInvocation extends Http::RedirectInvocation, DataFlow::MethodCallNode instanceof ReplySource {
RedirectInvocation() { this.ref().(DataFlow::MethodCallNode).getMethodName() = "redirect" }
private class RedirectInvocation extends Http::RedirectInvocation instanceof ReplyCall {
RedirectInvocation() { this.getCalleeName() = "redirect" }
override DataFlow::Node getUrlArgument() { result = this.getAnArgument() }
override RouteHandler getRouteHandler() { result = this.getRouteHandler() }
}
/**
* A call to `reply.template('template', { ... })`, seen as a template instantiation.
*/
private class TemplateCall extends Templating::TemplateInstantiation::Range,
DataFlow::MethodCallNode instanceof ReplySource {
TemplateCall() { this.getMethodName() = "template" }
override DataFlow::SourceNode getOutput() { result = this }
override DataFlow::Node getTemplateFileNode() { result = this.getArgument(0) }
override DataFlow::Node getTemplateParamsNode() { result = this.getArgument(1) }
}
}

20
javascript/ql/test/library-tests/frameworks/Spife/lib/views/index.js
View File

@@ -35,23 +35,23 @@ function homepage(req, context) { // test: handler
sink(req.urlObject.pathname) // test: source
sink(context.get('package')) // test: source
sink(context)
return reply.template('home', { target: req.query.name }) // test: source, templateInstantiation, stackTraceExposureSink
return reply.template('home', { target: req.query.name }) // test: source, templateInstantiation, stackTraceExposureSink, responseBody
}
function raw1(req, context) { // test: handler
sink(req.query.name) // test: source
return reply(req.query.name, 200, { // test: source, xssSink, stackTraceExposureSink, xss
"content-type": "text/html",
"access-control-allow-origin": "*", // test: corsMiconfigurationSink
"access-control-allow-headers": "Content-Type, Authorization, Content-Length, X-Requested-With",
"access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
"access-control-allow-credentials": "true"
"content-type": "text/html", // test: headerDefinition
"access-control-allow-origin": "*", // test: corsMiconfigurationSink, headerDefinition
"access-control-allow-headers": "Content-Type, Authorization, Content-Length, X-Requested-With", // test: headerDefinition
"access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS", // test: headerDefinition
"access-control-allow-credentials": "true" //test: headerDefinition
})
}
function redirect(req, context) { // test: handler
return reply.redirect(context.get('redirect_url')) // test: redirectSink, source, stackTraceExposureSink
return reply.redirect(context.get('redirect_url')) // test: redirectSink, source
}
function raw2(req, context) { // test: handler
return reply.cookie({ "test": req.query.name }, "test", req.query.name, { "httpOnly": false, "secure": false }) // test: source, cleartextStorageSink, stackTraceExposureSink, cookieDefinition
@@ -64,7 +64,7 @@ function test1(req, context) { // test: handler
case 'html':
return reply.header('<p>' + req.query.name + '</p>', 'content-type', 'text/html') // test: source, xssSink, stackTraceExposureSink, xss, headerDefinition
case 'plain':
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition, headerDefinition
}
return 'well, I guess you just want plaintext.'
}
@@ -87,7 +87,7 @@ function test4(req, context) { // test: handler
const body = req.body // test: source
const newPackument = body['package-json']
const message = `INFO: User invited to package ${newPackument._id} successfully.`
return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss
return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss, headerDefinition
}
function test5(req, context) { // test: handler
@@ -102,7 +102,7 @@ function test6(req, context) { // test: handler
const newPackument = body['package-json']
const message = `INFO: User invited to package ${newPackument._id} successfully.`
if (message.contains('foo')) {
return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss
return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss, headerDefinition
} else {
return reply(message, 200, { 'npm-notice': message, 'content-type': 'text/html' }) // test: stackTraceExposureSink, xssSink, xss, headerDefinition
}

123
javascript/ql/test/library-tests/frameworks/Spife/tests.expected
View File

@@ -1,8 +1,88 @@
WARNING: Unused method getCredentialsHeader (tests.ql:70,26-46)
test0
| lib/views/index.js:23:1:26:1 | functio ... tned)\\n} | content-type | application/json |
| lib/views/index.js:28:1:39:1 | functio ... eBody\\n} | content-type | application/json |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | content-type | application/json |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-credentials | true |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-headers | Content-Type, Authorization, Content-Length, X-Requested-With |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-methods | GET, POST, PUT, DELETE, OPTIONS |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-origin | * |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | content-type | text/html |
| lib/views/index.js:53:1:55:1 | functio ... ource\\n} | content-type | application/json |
| lib/views/index.js:56:1:58:1 | functio ... ition\\n} | content-type | application/json |
| lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | content-type | application/json |
| lib/views/index.js:65:14:65:87 | reply.h ... /html') | content-type | text/html |
| lib/views/index.js:67:14:67:92 | reply.h ... ain' }) | content-type | text/plain |
| lib/views/index.js:72:1:80:1 | functio ... ext.'\\n} | content-type | application/json |
| lib/views/index.js:77:14:77:92 | reply.h ... ain' }) | content-type | text/plain |
| lib/views/index.js:82:1:84:1 | functio ... !xss\\n} | content-type | application/json |
| lib/views/index.js:86:1:91:1 | functio ... ition\\n} | content-type | application/json |
| lib/views/index.js:93:1:98:1 | functio ... !xss\\n} | content-type | application/json |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | content-type | application/json |
| lib/views/index.js:107:12:107:86 | reply(m ... tml' }) | content-type | text/html |
| lib/views/index.js:111:1:115:1 | functio ... \\n })\\n} | content-type | application/json |
test
| lib/views/index.js:45:36:45:38 | "*" |
test2
| lib/views/index.js:43:16:43:29 | req.query.name |
| lib/views/index.js:65:27:65:57 | '<p>' + ... '</p>' |
| lib/views/index.js:107:18:107:24 | message |
test3
| lib/views/index.js:43:16:43:29 | req.query.name |
| lib/views/index.js:65:27:65:57 | '<p>' + ... '</p>' |
| lib/views/index.js:107:18:107:24 | message |
test4
| lib/views/index.js:23:1:26:1 | functio ... tned)\\n} | content-type | application/json |
| lib/views/index.js:28:1:39:1 | functio ... eBody\\n} | content-type | application/json |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | content-type | application/json |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-credentials | true |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-headers | Content-Type, Authorization, Content-Length, X-Requested-With |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-methods | GET, POST, PUT, DELETE, OPTIONS |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-origin | * |
| lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | content-type | text/html |
| lib/views/index.js:53:1:55:1 | functio ... ource\\n} | content-type | application/json |
| lib/views/index.js:56:1:58:1 | functio ... ition\\n} | content-type | application/json |
| lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | content-type | application/json |
| lib/views/index.js:65:14:65:87 | reply.h ... /html') | content-type | text/html |
| lib/views/index.js:67:14:67:92 | reply.h ... ain' }) | content-type | text/plain |
| lib/views/index.js:72:1:80:1 | functio ... ext.'\\n} | content-type | application/json |
| lib/views/index.js:77:14:77:92 | reply.h ... ain' }) | content-type | text/plain |
| lib/views/index.js:82:1:84:1 | functio ... !xss\\n} | content-type | application/json |
| lib/views/index.js:86:1:91:1 | functio ... ition\\n} | content-type | application/json |
| lib/views/index.js:93:1:98:1 | functio ... !xss\\n} | content-type | application/json |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | content-type | application/json |
| lib/views/index.js:107:12:107:86 | reply(m ... tml' }) | content-type | text/html |
| lib/views/index.js:111:1:115:1 | functio ... \\n })\\n} | content-type | application/json |
test5
| lib/views/index.js:23:1:26:1 | functio ... tned)\\n} | lib/views/index.js:23:1:26:1 | functio ... tned)\\n} | content-type |
| lib/views/index.js:28:1:39:1 | functio ... eBody\\n} | lib/views/index.js:28:1:39:1 | functio ... eBody\\n} | content-type |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | content-type |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-credentials |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-headers |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-methods |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | access-control-allow-origin |
| lib/views/index.js:41:1:51:1 | functio ... \\n })\\n} | lib/views/index.js:43:10:50:4 | reply(r ... n\\n\\n }) | content-type |
| lib/views/index.js:53:1:55:1 | functio ... ource\\n} | lib/views/index.js:53:1:55:1 | functio ... ource\\n} | content-type |
| lib/views/index.js:56:1:58:1 | functio ... ition\\n} | lib/views/index.js:56:1:58:1 | functio ... ition\\n} | content-type |
| lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | content-type |
| lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | lib/views/index.js:65:14:65:87 | reply.h ... /html') | content-type |
| lib/views/index.js:60:1:70:1 | functio ... ext.'\\n} | lib/views/index.js:67:14:67:92 | reply.h ... ain' }) | content-type |
| lib/views/index.js:72:1:80:1 | functio ... ext.'\\n} | lib/views/index.js:72:1:80:1 | functio ... ext.'\\n} | content-type |
| lib/views/index.js:72:1:80:1 | functio ... ext.'\\n} | lib/views/index.js:77:14:77:92 | reply.h ... ain' }) | content-type |
| lib/views/index.js:82:1:84:1 | functio ... !xss\\n} | lib/views/index.js:82:1:84:1 | functio ... !xss\\n} | content-type |
| lib/views/index.js:86:1:91:1 | functio ... ition\\n} | lib/views/index.js:86:1:91:1 | functio ... ition\\n} | content-type |
| lib/views/index.js:86:1:91:1 | functio ... ition\\n} | lib/views/index.js:90:10:90:55 | reply(m ... sage }) | npm-notice |
| lib/views/index.js:93:1:98:1 | functio ... !xss\\n} | lib/views/index.js:93:1:98:1 | functio ... !xss\\n} | content-type |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | content-type |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | lib/views/index.js:105:12:105:57 | reply(m ... sage }) | npm-notice |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | lib/views/index.js:107:12:107:86 | reply(m ... tml' }) | content-type |
| lib/views/index.js:100:1:109:1 | functio ... n\\n }\\n} | lib/views/index.js:107:12:107:86 | reply(m ... tml' }) | npm-notice |
| lib/views/index.js:111:1:115:1 | functio ... \\n })\\n} | lib/views/index.js:111:1:115:1 | functio ... \\n })\\n} | content-type |
passingPositiveTests
| PASSED | candidateHandler | lib/views/index.js:82:32:82:56 | // test ... Handler |
| PASSED | cleartextStorageSink | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | cookieDefinition | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | corsMiconfigurationSink | lib/views/index.js:45:41:45:72 | // test ... ionSink |
| PASSED | corsMiconfigurationSink | lib/views/index.js:45:41:45:90 | // test ... inition |
| PASSED | handler | lib/views/index.js:23:40:23:55 | // test: handler |
| PASSED | handler | lib/views/index.js:28:35:28:50 | // test: handler |
| PASSED | handler | lib/views/index.js:41:31:41:46 | // test: handler |
@@ -13,11 +93,19 @@ passingPositiveTests
| PASSED | handler | lib/views/index.js:86:32:86:47 | // test: handler |
| PASSED | handler | lib/views/index.js:93:32:93:47 | // test: handler |
| PASSED | handler | lib/views/index.js:100:32:100:47 | // test: handler |
| PASSED | headerDefinition | lib/views/index.js:44:34:44:58 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:45:41:45:90 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:46:102:46:126 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:47:72:47:96 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:48:48:48:71 | //test: ... inition |
| PASSED | headerDefinition | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:67:94:67:184 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:90:57:90:121 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:105:59:105:123 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:107:88:107:150 | // test ... inition |
| PASSED | redirectSink | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | redirectSink | lib/views/index.js:54:54:54:82 | // test ... source |
| PASSED | responseBody | lib/views/index.js:38:61:38:136 | // test ... nseBody |
| PASSED | source | lib/views/index.js:24:56:24:70 | // test: source |
| PASSED | source | lib/views/index.js:29:28:29:42 | // test: source |
| PASSED | source | lib/views/index.js:30:28:30:42 | // test: source |
@@ -27,14 +115,14 @@ passingPositiveTests
| PASSED | source | lib/views/index.js:34:17:34:31 | // test: source |
| PASSED | source | lib/views/index.js:35:32:35:46 | // test: source |
| PASSED | source | lib/views/index.js:36:32:36:46 | // test: source |
| PASSED | source | lib/views/index.js:38:61:38:122 | // test ... ureSink |
| PASSED | source | lib/views/index.js:38:61:38:136 | // test ... nseBody |
| PASSED | source | lib/views/index.js:42:24:42:38 | // test: source |
| PASSED | source | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | source | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | source | lib/views/index.js:54:54:54:82 | // test ... source |
| PASSED | source | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | source | lib/views/index.js:63:41:63:79 | // test ... ureSink |
| PASSED | source | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | source | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | source | lib/views/index.js:67:94:67:184 | // test ... inition |
| PASSED | source | lib/views/index.js:75:41:75:79 | // test ... ureSink |
| PASSED | source | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | source | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
@@ -42,22 +130,21 @@ passingPositiveTests
| PASSED | source | lib/views/index.js:94:25:94:39 | // test: source |
| PASSED | source | lib/views/index.js:101:25:101:39 | // test: source |
| PASSED | source | lib/views/index.js:112:34:112:72 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:38:61:38:122 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:38:61:38:136 | // test ... nseBody |
| PASSED | stackTraceExposureSink | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:63:41:63:79 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:67:94:67:184 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:75:41:75:79 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:90:57:90:103 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:90:57:90:121 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:105:59:105:105 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:105:59:105:123 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:107:88:107:150 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:112:34:112:72 | // test ... ureSink |
| PASSED | templateInstantiation | lib/views/index.js:38:61:38:122 | // test ... ureSink |
| PASSED | templateInstantiation | lib/views/index.js:38:61:38:136 | // test ... nseBody |
| PASSED | xss | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | xss | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | xss | lib/views/index.js:107:88:107:150 | // test ... inition |
@@ -66,16 +153,16 @@ passingPositiveTests
| PASSED | xssSink | lib/views/index.js:107:88:107:150 | // test ... inition |
failingPositiveTests
passingNegativeTests
| PASSED | !xss | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | !xss | lib/views/index.js:67:94:67:184 | // test ... inition |
| PASSED | !xss | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | !xss | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:90:57:90:103 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:90:57:90:121 | // test ... inition |
| PASSED | !xss | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:105:59:105:105 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | !xss | lib/views/index.js:105:59:105:123 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:67:94:67:184 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:90:57:90:103 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:90:57:90:121 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:105:59:105:105 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:105:59:105:123 | // test ... inition |
failingNegativeTests

32
javascript/ql/test/library-tests/frameworks/Spife/tests.ql
View File

@@ -33,8 +33,14 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasPositiveTest(expectation) and
(
expectation = "responseBody" and
exists(Http::ResponseBody n | t.inNode(n))
or
expectation = "headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
t.inNode(n) and
h.definesHeaderValue(_, n)
)
or
expectation = "cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))
@@ -83,8 +89,14 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasPositiveTest(expectation) and
(
expectation = "responseBody" and
not exists(Http::ResponseBody n | t.inNode(n))
or
expectation = "headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
t.inNode(n) and
h.definesHeaderValue(_, n)
)
or
expectation = "cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
@@ -133,8 +145,14 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasNegativeTest(expectation) and
(
expectation = "!responseBody" and
not exists(Http::ResponseBody n | t.inNode(n))
or
expectation = "!headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
t.inNode(n) and
h.definesHeaderValue(_, n)
)
or
expectation = "!cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
@@ -183,8 +201,14 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasNegativeTest(expectation) and
(
expectation = "!responseBody" and
exists(Http::ResponseBody n | t.inNode(n))
or
expectation = "!headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
not exists(DataFlow::Node n, Http::ExplicitHeaderDefinition h |
t.inNode(n) and
h.definesHeaderValue(_, n)
)
or
expectation = "!cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))