JS: Fixup the test expectations

This commit is contained in:
Asger F
2024-12-04 13:08:28 +01:00
parent f8ff504f5c
commit 712c69ebc8
5 changed files with 72 additions and 65 deletions


@@ -41,16 +41,16 @@ nodes
| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search | semmle.label | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search |
| tst12.js:3:9:3:50 | urlParts | semmle.label | urlParts |
| tst12.js:3:9:3:50 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
| tst12.js:3:20:3:39 | window.location.hash | semmle.label | window.location.hash |
| tst12.js:3:20:3:50 | window. ... it('?') | semmle.label | window. ... it('?') |
| tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | semmle.label | window. ... it('?') [ArrayElement] |
| tst12.js:4:9:4:45 | loc | semmle.label | loc |
| tst12.js:4:15:4:22 | urlParts | semmle.label | urlParts |
| tst12.js:4:15:4:22 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
| tst12.js:4:15:4:25 | urlParts[0] | semmle.label | urlParts[0] |
| tst12.js:5:23:5:25 | loc | semmle.label | loc |
| tst12.js:2:9:2:50 | urlParts | semmle.label | urlParts |
| tst12.js:2:9:2:50 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
| tst12.js:2:20:2:39 | window.location.hash | semmle.label | window.location.hash |
| tst12.js:2:20:2:50 | window. ... it('?') | semmle.label | window. ... it('?') |
| tst12.js:2:20:2:50 | window. ... it('?') [ArrayElement] | semmle.label | window. ... it('?') [ArrayElement] |
| tst12.js:3:9:3:45 | loc | semmle.label | loc |
| tst12.js:3:15:3:22 | urlParts | semmle.label | urlParts |
| tst12.js:3:15:3:22 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
| tst12.js:3:15:3:25 | urlParts[0] | semmle.label | urlParts[0] |
| tst12.js:4:23:4:25 | loc | semmle.label | loc |
| tst13.js:2:9:2:52 | payload | semmle.label | payload |
| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search |
| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
@@ -109,16 +109,20 @@ nodes
| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href |
| typed.ts:4:13:4:36 | params | semmle.label | params |
| typed.ts:4:13:4:49 | params | semmle.label | params |
| typed.ts:4:22:4:36 | location.search | semmle.label | location.search |
| typed.ts:4:22:4:49 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
| typed.ts:5:25:5:30 | params | semmle.label | params |
| typed.ts:7:24:7:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:8:33:8:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:25:25:25:34 | loc.search | semmle.label | loc.search |
| typed.ts:25:25:25:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) |
| typed.ts:28:24:28:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:29:33:29:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:47:25:47:34 | loc.search | semmle.label | loc.search |
| typed.ts:47:25:47:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) |
| typed.ts:48:26:48:36 | loc2.search | semmle.label | loc2.search |
| typed.ts:48:26:48:49 | loc2.se ... ring(1) | semmle.label | loc2.se ... ring(1) |
| typed.ts:51:24:51:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:52:33:52:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri |
@@ -149,16 +153,16 @@ edges
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | provenance | |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | provenance | |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | provenance | |
| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | provenance | |
| tst12.js:3:9:3:50 | urlParts [ArrayElement] | tst12.js:4:15:4:22 | urlParts [ArrayElement] | provenance | |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | provenance | |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | provenance | |
| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | provenance | |
| tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | tst12.js:3:9:3:50 | urlParts [ArrayElement] | provenance | |
| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | provenance | |
| tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | provenance | |
| tst12.js:4:15:4:22 | urlParts [ArrayElement] | tst12.js:4:15:4:25 | urlParts[0] | provenance | |
| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:9:4:45 | loc | provenance | |
| tst12.js:2:9:2:50 | urlParts | tst12.js:3:15:3:22 | urlParts | provenance | |
| tst12.js:2:9:2:50 | urlParts [ArrayElement] | tst12.js:3:15:3:22 | urlParts [ArrayElement] | provenance | |
| tst12.js:2:20:2:39 | window.location.hash | tst12.js:2:20:2:50 | window. ... it('?') | provenance | |
| tst12.js:2:20:2:39 | window.location.hash | tst12.js:2:20:2:50 | window. ... it('?') [ArrayElement] | provenance | |
| tst12.js:2:20:2:50 | window. ... it('?') | tst12.js:2:9:2:50 | urlParts | provenance | |
| tst12.js:2:20:2:50 | window. ... it('?') [ArrayElement] | tst12.js:2:9:2:50 | urlParts [ArrayElement] | provenance | |
| tst12.js:3:9:3:45 | loc | tst12.js:4:23:4:25 | loc | provenance | |
| tst12.js:3:15:3:22 | urlParts | tst12.js:3:9:3:45 | loc | provenance | |
| tst12.js:3:15:3:22 | urlParts [ArrayElement] | tst12.js:3:15:3:25 | urlParts[0] | provenance | |
| tst12.js:3:15:3:25 | urlParts[0] | tst12.js:3:9:3:45 | loc | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | |
@@ -203,14 +207,18 @@ edges
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config |
| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | |
| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config |
| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | provenance | |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | provenance | |
| typed.ts:4:13:4:49 | params | typed.ts:5:25:5:30 | params | provenance | |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:22:4:49 | locatio ... ring(1) | provenance | |
| typed.ts:4:22:4:49 | locatio ... ring(1) | typed.ts:4:13:4:49 | params | provenance | |
| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | provenance | |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | provenance | |
| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | provenance | |
| typed.ts:25:25:25:34 | loc.search | typed.ts:25:25:25:47 | loc.sea ... ring(1) | provenance | |
| typed.ts:25:25:25:47 | loc.sea ... ring(1) | typed.ts:28:24:28:34 | redirectUri | provenance | |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | provenance | |
| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | provenance | |
| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | provenance | |
| typed.ts:47:25:47:34 | loc.search | typed.ts:47:25:47:47 | loc.sea ... ring(1) | provenance | |
| typed.ts:47:25:47:47 | loc.sea ... ring(1) | typed.ts:51:24:51:34 | redirectUri | provenance | |
| typed.ts:48:26:48:36 | loc2.search | typed.ts:48:26:48:49 | loc2.se ... ring(1) | provenance | |
| typed.ts:48:26:48:49 | loc2.se ... ring(1) | typed.ts:55:25:55:35 | redirectUri | provenance | |
| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | provenance | |
| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | provenance | |
subpaths
@@ -240,7 +248,7 @@ subpaths
| tst10.js:8:17:8:47 | '//' + ... .search | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value |
| tst10.js:11:17:11:50 | '//foo' ... .search | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value |
| tst10.js:14:17:14:56 | 'https: ... .search | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value |
| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:39 | window.location.hash | tst12.js:5:23:5:25 | loc | Untrusted URL redirection depends on a $@. | tst12.js:3:20:3:39 | window.location.hash | user-provided value |
| tst12.js:4:23:4:25 | loc | tst12.js:2:20:2:39 | window.location.hash | tst12.js:4:23:4:25 | loc | Untrusted URL redirection depends on a $@. | tst12.js:2:20:2:39 | window.location.hash | user-provided value |
| tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:4:15:4:21 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:8:21:8:27 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:12:14:12:20 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |


@@ -1,6 +1,5 @@
// NOT OK
function foo() {
var urlParts = window.location.hash.split('?');
var loc = urlParts[0] + "?" + boxes.value;
window.location = loc
window.location = loc; // OK [INCONSISTENCY] - always starts with '#'
}
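Review bot: The new annotation on `window.location = loc;` justifies the OK verdict with "always starts with '#'", but `urlParts[0]` is `''` when `window.location.hash` is empty, in which case `loc` becomes `'?' + boxes.value`; that is still a relative URL resolved against the current origin, so the verdict holds but the stated reason does not cover that case. Suggest `// OK [INCONSISTENCY] - starts with '#' (or '?' when the hash is empty), so it never leaves the current origin`. The `[INCONSISTENCY]` tag presumably means the query still reports this line; a few words saying so would help the next reader of the expectation.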


@@ -1,48 +1,48 @@
function foo() {
var payload = document.location.search.substr(1);
var el = document.createElement("a");
el.href = payload;
document.body.appendChild(el); // NOT OK
el.href = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("button");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("embed");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("form");
el.action = payload;
document.body.appendChild(el); // NOT OK
el.action = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("frame");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("iframe");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("input");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("isindex");
el.action = payload;
document.body.appendChild(el); // NOT OK
el.action = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("isindex");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("object");
el.data = payload;
document.body.appendChild(el); // NOT OK
el.data = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("script");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
}
(function () {


@@ -1,11 +1,11 @@
export class MyComponent {
componentDidMount() {
const { location }: { location: Location } = (this as any).props;
var params = location.search;
var params = location.search.substring(1);
this.doRedirect(params);
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri);
window.location.replace(redirectUri); // NOT OK
}
}
@@ -17,16 +17,16 @@ export class MyTrackingComponent {
loc: location
};
var secondLoc = container.loc; // type-tracking step 1 - not the source
this.myIndirectRedirect(secondLoc);
this.myIndirectRedirect(secondLoc);
}
private myIndirectRedirect(loc) { // type-tracking step 2 - also not the source
this.doRedirect(loc.search);
this.doRedirect(loc.search.substring(1));
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri);
window.location.replace(redirectUri); // NOT OK
}
}
@@ -38,21 +38,21 @@ export class WeirdTracking {
loc: location
};
var secondLoc = container.loc; // type-tracking step 1 - not the source
this.myIndirectRedirect(secondLoc);
this.myIndirectRedirect(secondLoc);
}
private myIndirectRedirect(loc) { // type-tracking step 2 - also not the source
const loc2 : Location = (loc as any).componentDidMount;
this.doRedirect(loc.search);
this.doRedirect2(loc2.search);
const loc2: Location = (loc as any).componentDidMount;
this.doRedirect(loc.search.substring(1));
this.doRedirect2(loc2.search.substring(1));
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri); // NOT OK - and correctly flagged
window.location.replace(redirectUri); // NOT OK
}
private doRedirect2(redirectUri: string) {
window.location.replace(redirectUri); // NOT OK - and correctly flagged
window.location.replace(redirectUri); // NOT OK
}
}
}
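Review bot: The `.substring(1)` added to `location.search` in `componentDidMount` (and likewise in `myIndirectRedirect` of the two later hunks in this file) is what makes these cases real redirect sinks, since a value that still begins with '?' resolves relative to the current origin, yet nothing in the fixture says so and the `// NOT OK` markers only name the sink line. A one-line comment at the first occurrence would keep the intent of the change from being lost in a later cleanup, e.g. `// substring(1) drops the leading '?', so the value is no longer bound to the current origin`. The `loc` parameter of `myIndirectRedirect` remains untyped (implicit any) in both classes; if that is deliberate so that the flow must be found by type tracking rather than declared types, a short note saying so would stop someone from "fixing" it to `Location`.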