hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

update consistency comments for CWE-611

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-07-08 10:03:03 +02:00
parent 1f1c09af02
commit 5a87628478
3 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected
View File

@@ -10,12 +10,12 @@ nodes
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
edges
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
@@ -25,11 +25,11 @@ edges
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
#select
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:29 | document.location | domparser.js:11:55:11:57 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:29 | document.location | domparser.js:14:57:14:59 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | user-provided value |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | user-provided value |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | A $@ is parsed as XML without guarding against external entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |

3
javascript/ql/test/query-tests/Security/CWE-611/libxml.sax.js
View File

@@ -2,7 +2,6 @@ const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
// NOT OK: the SAX parser expands external entities by default
const parser = new libxmljs.SaxParser();
parser.parseString(req.param("some-xml"));
parser.parseString(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
});

3
javascript/ql/test/query-tests/Security/CWE-611/libxml.saxpush.js
View File

@@ -2,7 +2,6 @@ const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
// NOT OK: the SAX parser expands external entities by default
const parser = new libxmljs.SaxPushParser();
parser.push(req.param("some-xml"));
parser.push(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
});