update expected output for experimental query

erik-krogh
2023-01-23 22:29:49 +01:00
parent 3cece50f78
commit 49f5e89f36
2 changed files with 2 additions and 22 deletions


@@ -15,20 +15,10 @@ nodes
| check-path.js:19:13:19:43 | 'test.c ... tainted |
| check-path.js:19:27:19:43 | req.query.tainted |
| check-path.js:19:27:19:43 | req.query.tainted |
| check-path.js:22:13:22:63 | 'test.c ... ainted) |
| check-path.js:22:13:22:63 | 'test.c ... ainted) |
| check-path.js:22:27:22:63 | encodeU ... ainted) |
| check-path.js:22:46:22:62 | req.query.tainted |
| check-path.js:22:46:22:62 | req.query.tainted |
| check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:23:27:23:43 | req.query.tainted |
| check-path.js:23:27:23:43 | req.query.tainted |
| check-path.js:24:13:24:65 | `/addre ... nted)}` |
| check-path.js:24:13:24:65 | `/addre ... nted)}` |
| check-path.js:24:27:24:63 | encodeU ... ainted) |
| check-path.js:24:46:24:62 | req.query.tainted |
| check-path.js:24:46:24:62 | req.query.tainted |
| check-path.js:33:15:33:45 | 'test.c ... tainted |
| check-path.js:33:15:33:45 | 'test.c ... tainted |
| check-path.js:33:29:33:45 | req.query.tainted |
@@ -97,18 +87,10 @@ edges
| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted |
| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted |
| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted |
| check-path.js:22:27:22:63 | encodeU ... ainted) | check-path.js:22:13:22:63 | 'test.c ... ainted) |
| check-path.js:22:27:22:63 | encodeU ... ainted) | check-path.js:22:13:22:63 | 'test.c ... ainted) |
| check-path.js:22:46:22:62 | req.query.tainted | check-path.js:22:27:22:63 | encodeU ... ainted) |
| check-path.js:22:46:22:62 | req.query.tainted | check-path.js:22:27:22:63 | encodeU ... ainted) |
| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` |
| check-path.js:24:27:24:63 | encodeU ... ainted) | check-path.js:24:13:24:65 | `/addre ... nted)}` |
| check-path.js:24:27:24:63 | encodeU ... ainted) | check-path.js:24:13:24:65 | `/addre ... nted)}` |
| check-path.js:24:46:24:62 | req.query.tainted | check-path.js:24:27:24:63 | encodeU ... ainted) |
| check-path.js:24:46:24:62 | req.query.tainted | check-path.js:24:27:24:63 | encodeU ... ainted) |
| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted |
| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted |
| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted |
@@ -167,9 +149,7 @@ edges
| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value. |
| check-middleware.js:9:13:9:43 | "test.c ... tainted | check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:19:13:19:43 | 'test.c ... tainted | check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:22:13:22:63 | 'test.c ... ainted) | check-path.js:22:46:22:62 | req.query.tainted | check-path.js:22:13:22:63 | 'test.c ... ainted) | The URL of this request depends on a user-provided value. |
| check-path.js:23:13:23:45 | `/addre ... inted}` | check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | The URL of this request depends on a user-provided value. |
| check-path.js:24:13:24:65 | `/addre ... nted)}` | check-path.js:24:46:24:62 | req.query.tainted | check-path.js:24:13:24:65 | `/addre ... nted)}` | The URL of this request depends on a user-provided value. |
| check-path.js:33:15:33:45 | 'test.c ... tainted | check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:37:15:37:45 | 'test.c ... tainted | check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | The URL of this request depends on a user-provided value. |
| check-path.js:45:13:45:44 | `${base ... inted}` | check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | The URL of this request depends on a user-provided value. |


@@ -19,9 +19,9 @@ app.get('/check-with-axios', req => {
axios.get('test.com/' + req.query.tainted); // SSRF
axios.get('test.com/' + Number(req.query.tainted)); // OK
axios.get('test.com/' + req.user.id); // OK
axios.get('test.com/' + encodeURIComponent(req.query.tainted)); // SSRF
axios.get('test.com/' + encodeURIComponent(req.query.tainted)); // OK
axios.get(`/addresses/${req.query.tainted}`); // SSRF
axios.get(`/addresses/${encodeURIComponent(req.query.tainted)}`); // SSRF
axios.get(`/addresses/${encodeURIComponent(req.query.tainted)}`); // OK
if (Number.isInteger(req.query.tainted)) {
axios.get('test.com/' + req.query.tainted); // OK
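Review bot: The two `encodeURIComponent` calls that end up labelled `// OK` give no reason for the reclassification, and the bare label claims more than the encoding guarantees. `encodeURIComponent` escapes `/`, `?` and `#`, so the value stays inside one path segment, but it leaves `.` unescaped, so a value of `..` still reaches the request URL as a dot segment; whether the query is meant to accept that is not visible here. I would state the assumption on both lines, e.g. `// OK - encodeURIComponent confines the value to a single path segment`, and consider a separate test case for a dot-segment value so the expected output pins the intended behaviour. The `app.get('/check-with-axios', ...)` handler opens before this hunk and continues past it.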