hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix test expectations

Browse Source
This commit is contained in:
Ed Minnix
2024-02-21 13:19:43 -05:00
parent 4dc605354c
commit 45e1be875c
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected
View File

@@ -5,4 +5,4 @@ nodes
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String |
subpaths
#select
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:22:60:22:86 | call to method GetString | stored (potentially user-provided) value |
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:22:60:22:86 | call to method GetString : String | User-provided value |

27
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected
View File

@@ -1,5 +1,16 @@
edges
<<<<<<< HEAD
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | |
=======
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | provenance | |
| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | provenance | |
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | |
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | |
| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | provenance | |
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | |
| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | |
>>>>>>> 1ebb89f785 (Fix test expectations)
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | |
| SqlInjection.cs:33:21:33:40 | access to property Text : String | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | provenance | |
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | |
@@ -50,7 +61,20 @@ edges
| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | |
| SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | |
nodes
<<<<<<< HEAD
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | semmle.label | access to local variable query1 : String |
=======
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | semmle.label | ... + ... |
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | semmle.label | call to method GetString : String |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | semmle.label | object creation of type FileStream : FileStream |
| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | semmle.label | object creation of type StreamReader : StreamReader |
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | semmle.label | access to local variable fs : FileStream |
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | semmle.label | access to local variable sr : StreamReader |
| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | semmle.label | access to local variable sql : String |
| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | semmle.label | call to method Trim : String |
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | semmle.label | access to local variable sql |
>>>>>>> 1ebb89f785 (Fix test expectations)
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
| SqlInjection.cs:33:21:33:40 | access to property Text : String | semmle.label | access to property Text : String |
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | semmle.label | access to local variable query1 |
@@ -118,6 +142,8 @@ nodes
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql |
subpaths
#select
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | this database input |
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
@@ -136,4 +162,5 @@ subpaths
| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |