hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Restrict edges to only contain nodes.

Browse Source
This commit is contained in:
Max Schaefer
2019-10-18 16:42:26 +01:00
parent 6e6dab9ab8
commit 6964945c74
17 changed files with 1 additions and 1985 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
View File

@@ -1062,5 +1062,5 @@ module PathGraph {
}
/** Holds if `pred` → `succ` is an edge in the graph of data flow path explanations. */
query predicate edges(PathNode pred, PathNode succ) { pred.getASuccessor() = succ }
query predicate edges(PathNode pred, PathNode succ) { pred.getASuccessor() = succ and nodes(pred) and nodes(succ) }
}

1872
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
View File

File diff suppressed because it is too large Load Diff

7
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
View File

@@ -86,16 +86,11 @@ edges
| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:25:13:25:23 | "foo" + cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:23 | "foo" + cmd |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:5:39:5 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
@@ -105,9 +100,7 @@ edges
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr | execSeries.js:5:4:5:3 | arr |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:5:4:5:3 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command |
| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands |

3
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection.expected
View File

@@ -56,13 +56,10 @@ nodes
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:5:39:5 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |

3
javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment.expected
View File

@@ -24,13 +24,10 @@ nodes
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:5:39:5 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:5:39:5 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |

7
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -45,16 +45,9 @@ nodes
| tst2.js:21:14:21:14 | p |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:3:11:3 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:36 | req.que ... p + "(" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:47 | req.que ... esponse |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:36 | req.que ... p + "(" | etherpad.js:9:16:9:47 | req.que ... esponse |
| etherpad.js:9:16:9:36 | req.que ... p + "(" | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:47 | req.que ... esponse | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| etherpad.js:11:3:11:3 | response | etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |

14
javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
View File

@@ -212,8 +212,6 @@ edges
| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:7:5:7:26 | "<div i ... tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:26 | "<div i ... tainted |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
@@ -261,13 +259,9 @@ edges
| tst.js:2:7:2:39 | target | tst.js:23:42:23:47 | target |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:8:18:8:114 | "<OPTIO ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:114 | "<OPTIO ... t=")+8) |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:12:5:12:33 | '<div s ... target | tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:28:12:33 | target | tst.js:12:5:12:33 | '<div s ... target |
| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:23:42:23:47 | target | tst.js:23:42:23:60 | target.substring(1) |
@@ -297,9 +291,7 @@ edges
| tst.js:73:1:73:27 | [,docum ... search] | tst.js:73:46:73:46 | x |
| tst.js:73:3:73:19 | document.location | tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:3:73:26 | documen ... .search | tst.js:73:1:73:27 | [,docum ... search] |
| tst.js:73:46:73:46 | x | tst.js:74:7:74:7 | x |
| tst.js:73:46:73:46 | x | tst.js:76:20:76:20 | x |
| tst.js:74:7:74:7 | x | tst.js:76:20:76:20 | x |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
@@ -329,9 +321,7 @@ edges
| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:200:20:200:19 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:201:35:201:41 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:203:27:203:26 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:203:46:203:52 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:204:38:204:44 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:205:35:205:41 | tainted |
@@ -342,11 +332,7 @@ edges
| tst.js:194:9:194:42 | tainted | tst.js:252:23:252:29 | tainted |
| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
| tst.js:194:19:194:42 | documen ... .search | tst.js:194:9:194:42 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:201:35:201:41 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:204:38:204:44 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:205:35:205:41 | tainted |
| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:203:27:203:26 | tainted | tst.js:203:46:203:52 | tainted |
| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |

19
javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
View File

@@ -64,38 +64,27 @@ nodes
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id |
edges
| mongodb.js:12:11:12:20 | query | mongodb.js:14:59:14:58 | query |
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:14:59:14:58 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query |
| mongodb.js:14:59:14:58 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title | mongodb.js:27:11:27:35 | title |
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title |
| mongodb.js:27:11:27:35 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:48:11:48:20 | query | mongodb.js:50:59:50:58 | query |
| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query |
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:50:59:50:58 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:50:59:50:58 | query | mongodb.js:54:16:54:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:25:59:25:58 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:25:59:25:58 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:25:59:25:58 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
@@ -142,19 +131,11 @@ edges
| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
| tst2.js:9:27:9:78 | "select ... rams.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:78 | "select ... rams.id |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst3.js:8:7:9:55 | query1 | tst3.js:10:14:10:19 | query1 |
| tst3.js:8:16:9:34 | "SELECT ... ategory | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst3.js:8:16:9:55 | "SELECT ... PRICE" | tst3.js:8:7:9:55 | query1 |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:34 | "SELECT ... ategory |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst4.js:8:10:8:60 | 'SELECT ... rams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:60 | 'SELECT ... rams.id |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst.js:10:10:10:58 | 'SELECT ... rams.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:58 | 'SELECT ... rams.id |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
#select
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |

6
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
View File

@@ -71,14 +71,8 @@ edges
| angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| express.js:7:24:7:62 | "return ... obble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:62 | "return ... obble") |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:34:9:72 | "return ... obble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:72 | "return ... obble") |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:8:12:46 | "return ... obble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:46 | "return ... obble") |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |

6
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
View File

@@ -74,14 +74,8 @@ edges
| angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| express.js:7:24:7:62 | "return ... obble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:62 | "return ... obble") |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:34:9:72 | "return ... obble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:72 | "return ... obble") |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:8:12:46 | "return ... obble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:46 | "return ... obble") |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |

8
javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
View File

@@ -58,10 +58,8 @@ edges
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:53:13:52 | buffer |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:13:53:13:52 | buffer | bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData |
@@ -70,9 +68,7 @@ edges
| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data |
| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) |
| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:55:6:55:9 | data |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:55:6:55:9 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring |
| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data |
@@ -85,13 +81,9 @@ edges
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} |
| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:28:52:28:55 | data | request.js:34:6:34:9 | data |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data |
| request.js:34:6:34:9 | data | request.js:35:14:35:17 | data |
| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData |
| request.js:43:51:43:54 | data | request.js:49:6:49:9 | data |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data |
| request.js:49:6:49:9 | data | request.js:50:13:50:16 | data |
| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content |

15
javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected
View File

@@ -68,22 +68,9 @@ edges
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url |
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url |
| koa.js:6:6:6:27 | url | koa.js:10:40:10:42 | url |
| koa.js:6:6:6:27 | url | koa.js:10:40:10:42 | url |
| koa.js:6:6:6:27 | url | koa.js:10:51:10:51 | url |
| koa.js:6:6:6:27 | url | koa.js:11:6:11:8 | url |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:10:40:10:42 | url | koa.js:10:51:10:51 | url |
| koa.js:10:40:10:42 | url | koa.js:10:51:10:51 | url |
| koa.js:10:40:10:42 | url | koa.js:11:6:11:8 | url |
| koa.js:10:40:10:42 | url | koa.js:11:6:11:8 | url |
| koa.js:10:40:10:42 | url | koa.js:14:16:14:18 | url |
| koa.js:10:40:10:42 | url | koa.js:14:16:14:18 | url |
| koa.js:10:51:10:51 | url | koa.js:11:6:11:8 | url |
| koa.js:10:51:10:51 | url | koa.js:14:16:14:18 | url |
| koa.js:11:6:11:8 | url | koa.js:14:16:14:18 | url |
| node.js:6:7:6:52 | target | node.js:7:34:7:39 | target |
| node.js:6:16:6:39 | url.par ... , true) | node.js:6:16:6:45 | url.par ... ).query |
| node.js:6:16:6:45 | url.par ... ).query | node.js:6:16:6:52 | url.par ... .target |
@@ -100,9 +87,7 @@ edges
| node.js:29:16:29:45 | url.par ... ).query | node.js:29:16:29:52 | url.par ... .target |
| node.js:29:16:29:52 | url.par ... .target | node.js:29:7:29:52 | target |
| node.js:29:26:29:32 | req.url | node.js:29:16:29:39 | url.par ... , true) |
| node.js:32:34:32:39 | target | node.js:32:34:32:50 | target + "?from=" |
| node.js:32:34:32:39 | target | node.js:32:34:32:55 | target ... =" + me |
| node.js:32:34:32:50 | target + "?from=" | node.js:32:34:32:55 | target ... =" + me |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |

2
javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected
View File

@@ -17,8 +17,6 @@ nodes
edges
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:9:34:9:73 | "//user ... serName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:73 | "//user ... serName |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| tst2.js:1:13:1:29 | document.location | tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |

4
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -45,8 +45,6 @@ edges
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:8:23:8:33 | "\\\\b" + key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:33 | "\\\\b" + key |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
@@ -60,9 +58,7 @@ edges
| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data |
| tst.js:2:16:2:16 | e | tst.js:2:16:2:21 | e.data |
| tst.js:2:16:2:21 | e.data | tst.js:2:9:2:21 | data |
| tst.js:3:16:3:29 | "^"+ data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:21:3:24 | data | tst.js:3:21:3:29 | data.name |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:29 | "^"+ data.name |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
#select
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |

3
javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected
View File

@@ -97,15 +97,12 @@ edges
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:19:9:19:31 | fn |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:19:9:19:31 | fn | tst.js:20:7:20:8 | fn |
| tst.js:19:9:19:31 | fn | tst.js:22:11:22:12 | fn |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |

13
javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected
View File

@@ -17,28 +17,15 @@ nodes
edges
| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:10:5:10:4 | foo |
| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo |
| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo |
| tst.js:5:9:5:27 | foo | tst.js:30:9:30:31 | foo |
| tst.js:5:9:5:27 | foo | tst.js:30:9:30:31 | foo |
| tst.js:5:9:5:27 | foo | tst.js:35:5:35:5 | foo |
| tst.js:5:9:5:27 | foo | tst.js:36:9:36:11 | foo |
| tst.js:5:9:5:27 | foo | tst.js:41:5:41:7 | foo |
| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo |
| tst.js:10:5:10:4 | foo | tst.js:11:9:11:11 | foo |
| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar |
| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar |
| tst.js:30:9:30:31 | foo | tst.js:35:5:35:5 | foo |
| tst.js:30:9:30:31 | foo | tst.js:35:5:35:5 | foo |
| tst.js:30:9:30:31 | foo | tst.js:36:9:36:11 | foo |
| tst.js:30:9:30:31 | foo | tst.js:36:9:36:11 | foo |
| tst.js:30:9:30:31 | foo | tst.js:41:5:41:7 | foo |
| tst.js:30:9:30:31 | foo | tst.js:41:5:41:7 | foo |
| tst.js:35:5:35:5 | foo | tst.js:36:9:36:11 | foo |
| tst.js:35:5:35:5 | foo | tst.js:41:5:41:7 | foo |
| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo |
| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo |
#select

2
javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
View File

@@ -9,9 +9,7 @@ edges
| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d |
| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c |
| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c |
| tst.js:15:26:15:26 | c | tst.js:23:27:23:26 | c |
| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c |
| tst.js:23:27:23:26 | c | tst.js:24:22:24:22 | c |
#select
| HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | $@ flows to file system | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data |
| tst.js:16:33:16:33 | c | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |