Merge pull request #9021 from erik-krogh/actions

JS: promote `js/actions/injection` out of experimental
2026-05-01 03:35:13 +02:00 · 2022-05-12 14:38:38 +02:00
parent 7cd51d6147 fef4455ccc
commit 4bef451156
14 changed files with 379 additions and 360 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml
+++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml
@@ -0,0 +1,8 @@
+on: issue_comment
+
+jobs:
+  echo-chamber:
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        echo '${{ github.event.comment.body }}'
--- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected
@@ -0,0 +1 @@
+| .github/workflows/comment_issue.yml:7:12:8:47 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |
--- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.qlref
@@ -0,0 +1 @@
+Security/CWE-094/ExpressionInjection.ql
--- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js
+++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js
@@ -0,0 +1 @@
+console.log('test')
				`@@ -0,0 +1 @@`
				`\| .github/workflows/comment_issue.yml:7:12:8:47 \| \\| \| Potential injection from the github.event.comment.body context, which may be controlled by an external user. \|`