Added test cases for react-relay functions that retrieve data

2026-04-26 01:05:15 +02:00 · 2025-03-06 13:38:14 +01:00
parent 89040d0d06
commit 5a1991bb69
2 changed files with 159 additions and 26 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.expected
@@ -1,6 +1,6 @@
 #select
 | test.jsx:27:29:27:32 | data | test.jsx:5:28:5:63 | fetch(" ... ntent") | test.jsx:27:29:27:32 | data | Cross-site scripting vulnerability due to $@. | test.jsx:5:28:5:63 | fetch(" ... ntent") | user-provided value |
-| testReactRelay.tsx:19:47:19:62 | commentData.text | testReactRelay.tsx:5:23:13:3 | useFrag ... Ref\\n  ) | testReactRelay.tsx:19:47:19:62 | commentData.text | Cross-site scripting vulnerability due to $@. | testReactRelay.tsx:5:23:13:3 | useFrag ... Ref\\n  ) | user-provided value |
+| testReactRelay.tsx:7:43:7:58 | commentData.text | testReactRelay.tsx:5:23:5:52 | useFrag ... entRef) | testReactRelay.tsx:7:43:7:58 | commentData.text | Cross-site scripting vulnerability due to $@. | testReactRelay.tsx:5:23:5:52 | useFrag ... entRef) | user-provided value |
 edges
 | test.jsx:5:11:5:63 | response | test.jsx:6:24:6:31 | response | provenance |  |
 | test.jsx:5:22:5:63 | await f ... ntent") | test.jsx:5:11:5:63 | response | provenance |  |
@@ -11,9 +11,9 @@ edges
 | test.jsx:6:24:6:38 | response.json() | test.jsx:6:18:6:38 | await r ... .json() | provenance |  |
 | test.jsx:7:12:7:15 | data | test.jsx:15:11:17:5 | data | provenance |  |
 | test.jsx:15:11:17:5 | data | test.jsx:27:29:27:32 | data | provenance |  |
-| testReactRelay.tsx:5:9:13:3 | commentData | testReactRelay.tsx:19:47:19:57 | commentData | provenance |  |
-| testReactRelay.tsx:5:23:13:3 | useFrag ... Ref\\n  ) | testReactRelay.tsx:5:9:13:3 | commentData | provenance |  |
-| testReactRelay.tsx:19:47:19:57 | commentData | testReactRelay.tsx:19:47:19:62 | commentData.text | provenance |  |
+| testReactRelay.tsx:5:9:5:52 | commentData | testReactRelay.tsx:7:43:7:53 | commentData | provenance |  |
+| testReactRelay.tsx:5:23:5:52 | useFrag ... entRef) | testReactRelay.tsx:5:9:5:52 | commentData | provenance |  |
+| testReactRelay.tsx:7:43:7:53 | commentData | testReactRelay.tsx:7:43:7:58 | commentData.text | provenance |  |
 nodes
 | test.jsx:5:11:5:63 | response | semmle.label | response |
 | test.jsx:5:22:5:63 | await f ... ntent") | semmle.label | await f ... ntent") |
@@ -25,8 +25,26 @@ nodes
 | test.jsx:7:12:7:15 | data | semmle.label | data |
 | test.jsx:15:11:17:5 | data | semmle.label | data |
 | test.jsx:27:29:27:32 | data | semmle.label | data |
-| testReactRelay.tsx:5:9:13:3 | commentData | semmle.label | commentData |
-| testReactRelay.tsx:5:23:13:3 | useFrag ... Ref\\n  ) | semmle.label | useFrag ... Ref\\n  ) |
-| testReactRelay.tsx:19:47:19:57 | commentData | semmle.label | commentData |
-| testReactRelay.tsx:19:47:19:62 | commentData.text | semmle.label | commentData.text |
+| testReactRelay.tsx:5:9:5:52 | commentData | semmle.label | commentData |
+| testReactRelay.tsx:5:23:5:52 | useFrag ... entRef) | semmle.label | useFrag ... entRef) |
+| testReactRelay.tsx:7:43:7:53 | commentData | semmle.label | commentData |
+| testReactRelay.tsx:7:43:7:58 | commentData.text | semmle.label | commentData.text |
 subpaths
+testFailures
+| testReactRelay.tsx:17:45:17:64 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:18:77:18:95 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:28:70:28:88 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:37:43:37:62 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:38:61:38:79 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:44:73:44:92 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:47:57:47:75 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:69:41:69:60 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:70:61:70:79 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:82:25:82:44 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:87:71:87:89 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:99:24:99:43 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:112:68:112:86 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:123:23:123:42 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:126:46:126:64 | // $ Missing: Alert | Missing result: Alert |
+| testReactRelay.tsx:135:42:135:61 | // $ Missing: Source | Missing result: Source |
+| testReactRelay.tsx:136:63:136:81 | // $ Missing: Alert | Missing result: Alert |
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testReactRelay.tsx
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testReactRelay.tsx
@@ -1,22 +1,137 @@
-import React from 'react';
+import React, { useState } from "react";
 import { useFragment } from 'react-relay';

-const CommentComponent = ({ commentRef }) => {
-  const commentData = useFragment(
-    graphql`
-      fragment CommentComponent_comment on Comment {
-        id
-        text
-      }
-    `,
-    commentRef
-  ); // $ Source=[js/xss]
-
+const func1 = ({ commentRef, query }) => {
+  const commentData = useFragment(query, commentRef); // $ Source=[js/xss]
  return (
-    <div>
-      <h3>Comment:</h3>
-      {/* Directly rendering user input without sanitation */}
-      <p dangerouslySetInnerHTML = {{ __html: commentData.text}}> {commentData.text}</p> // $ Alert=[js/xss]
-    </div> 
-  );
+    <p dangerouslySetInnerHTML={{ __html: commentData.text }}> // $ Alert=[js/xss]
+      {" "}
+      {commentData.text}
+    </p>
+  ); 
 };
+
+import { useLazyLoadQuery } from "react-relay";
+
+function func2({ query }) {
+  const data = useLazyLoadQuery(query, {}); // $ Missing: Source
+  return <p dangerouslySetInnerHTML={{ __html: data.comments[0].text }} />; // $ Missing: Alert
+}
+
+import { useQueryLoader, usePreloadedQuery } from "react-relay";
+
+function func3({ initialQueryRef, query }) {
+  const [queryReference, loadQuery] = useQueryLoader(query, initialQueryRef);
+  return (
+    <h1
+      dangerouslySetInnerHTML={{
+        __html: usePreloadedQuery(query, queryReference).user?.name, // $ Missing: Alert
+      }}
+    />
+  ); 
+}
+
+import { useClientQuery } from "react-relay";
+
+function func4({ query }) {
+  const data = useClientQuery(query, {}); // $ Missing: Source
+  return <h1 dangerouslySetInnerHTML={{ __html: data }} />; // $ Missing: Alert
+}
+
+import { useRefetchableFragment } from "react-relay";
+
+function func5({ query, props }) {
+  const [data, refetch] = useRefetchableFragment(query, props.comment); // $ Missing: Source
+  return (
+    <>
+      <h1 dangerouslySetInnerHTML={{ __html: data }} /> // $ Missing: Alert
+      <Button
+        onClick={() => {
+          refetch({ lang: "SPANISH" }, { fetchPolicy: "store-or-network" });
+        }}
+      ></Button>
+    </>
+  );
+}
+
+import { usePaginationFragment } from "react-relay";
+
+function func6({ query }) {
+  const {
+    data,
+    loadNext,
+    loadPrevious,
+    hasNext,
+    hasPrevious,
+    isLoadingNext,
+    isLoadingPrevious,
+    refetch,
+  } = usePaginationFragment(query, {}); // $ Missing: Source
+  return <h1 dangerouslySetInnerHTML={{ __html: data }} />; // $ Missing: Alert
+}
+
+
+import { useMutation } from 'react-relay';
+import type { FeedbackLikeMutation } from './FeedbackLikeMutation.graphql';
+
+function func7(query) {
+  const [commit, inFlight] = useMutation<FeedbackLikeMutation>(query);
+  const [feedbackText, setFeedbackText] = useState('');
+  
+  commit({
+    onCompleted(data) { // $ Missing: Source
+      setFeedbackText(data);
+    },
+  });
+
+  return (<div dangerouslySetInnerHTML={{__html: feedbackText, }}/>); // $ Missing: Alert
+}
+
+import { useSubscription } from 'react-relay';
+import { useMemo } from 'react';
+
+function func8({GroupLessonsSubscription}) {
+  const [fragmentRef, setFragmentRef] = useState();
+
+  const groupLessonConfig = useMemo(() => ({
+    subscription: GroupLessonsSubscription,
+    variables: {},
+    onNext: (res) => { // $ Missing: Source
+      setFragmentRef(res);
+    },
+    onError: (err) => {
+      console.error('Error with subscription:', err);
+    },
+    onCompleted: () => {
+      console.log('Subscription completed');
+    },
+  }), []);
+
+  useSubscription(groupLessonConfig);
+
+return (<div dangerouslySetInnerHTML={{__html: fragmentRef, }}/>); // $ Missing: Alert
+}
+
+
+import { fetchQuery } from 'react-relay'
+
+function func9({query, environment}) {
+  fetchQuery(environment, query,{id: 4},).subscribe({
+    start: () => {},
+    complete: () => {},
+    error: (error) => {},
+    next: (data) => { // $ Missing: Source
+      const outputElement = document.getElementById('output');
+      if (outputElement) {
+        outputElement.innerHTML = data.user; // $ Missing: Alert
+      }
+    }
+  });
+}
+
+import { readFragment } from "relay-runtime";
+
+function func10({ query, key }) {
+  const data = readFragment(query, key); // $ Missing: Source
+  return (<h1 dangerouslySetInnerHTML={{ __html: data }} />); // $ Missing: Alert
+}