Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74

2026-04-30 19:26:02 +02:00 · 2020-02-20 12:09:06 +01:00
parent 56e5bd50f6 8b277f7226
commit 63036aa444
166 changed files with 16806 additions and 13037 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.expected
@@ -0,0 +1,263 @@
+nodes
+| unsafe-jquery-plugin.js:2:38:2:44 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options |
+| unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target |
+| unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:11:16:11:29 | options.target |
+| unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:71:38:71:44 | options |
+| unsafe-jquery-plugin.js:71:38:71:44 | options |
+| unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:76:38:76:44 | options |
+| unsafe-jquery-plugin.js:76:38:76:44 | options |
+| unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:84:38:84:44 | options |
+| unsafe-jquery-plugin.js:84:38:84:44 | options |
+| unsafe-jquery-plugin.js:85:14:85:14 | o |
+| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:22:86:23 | {} |
+| unsafe-jquery-plugin.js:86:26:86:26 | o |
+| unsafe-jquery-plugin.js:87:8:87:24 | t |
+| unsafe-jquery-plugin.js:87:12:87:17 | this.o |
+| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
+| unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options |
+| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
+| unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:106:5:106:11 | options |
+| unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:107:5:107:11 | options |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:114:38:114:44 | options |
+| unsafe-jquery-plugin.js:114:38:114:44 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options |
+| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:22:115:23 | {} |
+| unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:116:5:116:11 | options |
+| unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:117:5:117:11 | options |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:121:40:121:46 | options |
+| unsafe-jquery-plugin.js:121:40:121:46 | options |
+| unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:126:33:126:39 | options |
+| unsafe-jquery-plugin.js:126:33:126:39 | options |
+| unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:131:34:131:40 | options |
+| unsafe-jquery-plugin.js:131:34:131:40 | options |
+| unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:135:36:135:42 | options |
+| unsafe-jquery-plugin.js:135:36:135:42 | options |
+| unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:153:38:153:44 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options |
+| unsafe-jquery-plugin.js:154:7:154:29 | target |
+| unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:154:16:154:29 | options.target |
+| unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:160:38:160:44 | options |
+| unsafe-jquery-plugin.js:160:38:160:44 | options |
+| unsafe-jquery-plugin.js:165:7:165:29 | target |
+| unsafe-jquery-plugin.js:165:16:165:22 | options |
+| unsafe-jquery-plugin.js:165:16:165:29 | options.target |
+| unsafe-jquery-plugin.js:170:6:170:11 | target |
+| unsafe-jquery-plugin.js:170:6:170:11 | target |
+| unsafe-jquery-plugin.js:178:27:178:33 | options |
+| unsafe-jquery-plugin.js:178:27:178:33 | options |
+| unsafe-jquery-plugin.js:179:5:179:11 | options |
+| unsafe-jquery-plugin.js:179:5:179:18 | options.target |
+| unsafe-jquery-plugin.js:179:5:179:18 | options.target |
+edges
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target |
+| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target |
+| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
+| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
+| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o |
+| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o |
+| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} |
+| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
+| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t |
+| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o |
+| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:106:5:106:11 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options |
+| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options |
+| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
+| unsafe-jquery-plugin.js:106:5:106:11 | options | unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:106:5:106:11 | options | unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:116:5:116:11 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options |
+| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options |
+| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} |
+| unsafe-jquery-plugin.js:116:5:116:11 | options | unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:116:5:116:11 | options | unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target |
+| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:154:7:154:29 | target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options |
+| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options |
+| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target |
+| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target |
+| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:16:165:29 | options.target |
+| unsafe-jquery-plugin.js:165:16:165:29 | options.target | unsafe-jquery-plugin.js:165:7:165:29 | target |
+| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options |
+| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options |
+| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target |
+| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target |
+#select
+| unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:22:6:22:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:22:6:22:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:30:6:30:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:30:6:30:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:36:6:36:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:36:6:36:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:40:6:40:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:40:6:40:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:48:6:48:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:48:6:48:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:52:6:52:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:52:6:52:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:60:6:60:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:60:6:60:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... / OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:90:6:90:6 | t | unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:90:6:90:6 | t | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:84:19:93:2 | functio ... ns);\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:131:15:133:2 | functio ... T OK\\n\\t} | '$.fn.affix' plugin |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:135:17:137:2 | functio ... T OK\\n\\t} | '$.fn.tooltip' plugin |
+| unsafe-jquery-plugin.js:155:33:155:38 | target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:155:33:155:38 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:170:6:170:11 | target | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:170:6:170:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:160:19:173:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.qlref
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.qlref
@@ -0,0 +1 @@
+Security/CWE-079/UnsafeJQueryPlugin.ql
--- a/javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js
@@ -0,0 +1,185 @@
+(function(){
+	$.fn.my_plugin = function my_plugin(options) {
+		$(options); // NOT OK (or is it?)
+
+		$(options.target); // NOT OK
+
+		if (isElement(options.target)) {
+			$(options.target); // OK
+		}
+
+		var target = options.target;
+
+		if (isElement(target)) {
+			$(target); // OK
+		}
+
+		if (typeof target != "string") {
+			$(target); // OK
+		}
+
+		if (target.jquery === undefined) {
+			$(target); // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (target.jquery !== undefined) {
+			$(target); // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (typeof target.jquery !== "undefined") {
+			$(target); // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (typeof target.jquery === "undefined") {
+			$(target); // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (target.jquery) {
+			$(target);  // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (!target.jquery) {
+			$(target);  // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (!!target.jquery) {
+			$(target);  // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+	};
+
+	$.fn.my_plugin = function my_plugin(element, options) {
+		this.$element      = $(element);
+		this.options       = $.extend({}, options);
+		if (this.options.parent) this.$parent = $(this.options.parent) // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$(options.foo.bar.baz); // NOT OK
+		$(options.html); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$(x).appendTo(options.foo.bar.baz); // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$("#" + options.target); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		function f(o) {
+			this.o = $.extend({}, o);
+			var t = this.o.target;
+
+			console.log(t);
+			$(t); // NOT OK
+		}
+		f(options);
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		var target = options.target;
+		if (safe.has(target))
+			$(target); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		options = $.extend({
+			menu: '<div></div>',
+			target: '.my_plugin'
+		}, options);
+		$(options.menu); // OK
+		$(options.target); // NOT OK
+	};
+
+	$.fn.my_plugin.defaults = {
+		menu: '<div></div>',
+		target: '.my_plugin'
+	};
+	$.fn.my_plugin = function my_plugin(options) {
+		options = $.extend({}, $.fn.my_plugin.defaults, options);
+		$(options.menu); // OK
+		$(options.target); // NOT OK
+	};
+
+	var pluginName = "my_plugin";
+	$.fn[pluginName] = function my_plugin(options) {
+		$(options.target); // NOT OK
+	};
+
+	$.extend($.fn, {
+		my_plugin: function my_plugin(options) {
+			$(options.target); // NOT OK
+		}
+	});
+
+	$.fn.affix = function my_plugin(options) {
+		$(options.target); // NOT OK
+	};
+
+	$.fn.tooltip = function my_plugin(options) {
+		$(options.viewport.selector); // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		let intentional1 = options.target || `<div>hello</div>`;
+		$(intentional1); // OK
+
+		let intentional2 = `<div>${options.target}</div>`;
+		$(intentional2); // OK
+
+		let intentional3 = `<div>` + options.target `</div>`;
+		$(intentional3); // OK
+
+		let unintentional = `<div class="${options.target}"></div>`;
+		$(unintentional); // OK - but should be flagged by another query
+	}
+
+	$.fn.my_plugin = function my_plugin(options) {
+		let target = options.target;
+		target === DEFAULTS.target? $(target): $(document).find(target); // OK - but still flagged
+		options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // OK - but still flagged
+		options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - but still flagged
+	}
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$(anyPrefix + options.target); // OK (unlikely to be a html/css prefix confusion)
+
+		$(something.replace("%PLACEHOLDER%", options.target)); // OK (unlikely to be a html/css prefix confusion);
+
+		let target = options.target;
+		if (target.foo) {
+			$(target); // OK (unlikely to be a string)
+		}
+		if (target.length) {
+			$(target); // NOT OK (can still be a string)
+		}
+
+	}
+
+	function setupPlugin(o) {
+		$.fn.my_plugin = o.f
+	}
+	setupPlugin({f: function(options) {
+		$(options.target); // NOT OK
+	}});
+	setupPlugin({f:function(options) {
+		$(document).find(options.target); // OK
+	}});
+
+});