update comments to match alert location for CWE-807

javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected

@@ -2,113 +2,113 @@ nodes
 | tst.js:9:8:9:26 | req.params.shutDown |
 | tst.js:9:8:9:26 | req.params.shutDown |
 | tst.js:9:8:9:26 | req.params.shutDown |
-| tst.js:14:9:14:19 | req.cookies |
-| tst.js:14:9:14:19 | req.cookies |
-| tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:30:9:30:37 | v3 |
-| tst.js:30:14:30:37 | id(req. ... okieId) |
-| tst.js:30:17:30:27 | req.cookies |
-| tst.js:30:17:30:27 | req.cookies |
-| tst.js:30:17:30:36 | req.cookies.cookieId |
-| tst.js:31:9:31:10 | v3 |
-| tst.js:31:9:31:10 | v3 |
-| tst.js:37:13:37:23 | req.cookies |
-| tst.js:37:13:37:23 | req.cookies |
-| tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:43:9:43:19 | req.cookies |
-| tst.js:43:9:43:19 | req.cookies |
-| tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:50:8:50:23 | req.params.login |
-| tst.js:50:8:50:23 | req.params.login |
-| tst.js:50:8:50:23 | req.params.login |
-| tst.js:65:8:65:23 | req.params.login |
-| tst.js:65:8:65:23 | req.params.login |
-| tst.js:65:8:65:23 | req.params.login |
-| tst.js:70:9:70:19 | req.cookies |
-| tst.js:70:9:70:19 | req.cookies |
-| tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:34:70:53 | req.params.requestId |
-| tst.js:70:34:70:53 | req.params.requestId |
-| tst.js:70:34:70:53 | req.params.requestId |
-| tst.js:75:14:75:24 | req.cookies |
-| tst.js:75:14:75:24 | req.cookies |
-| tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:39:75:58 | req.params.requestId |
-| tst.js:75:39:75:58 | req.params.requestId |
-| tst.js:75:39:75:58 | req.params.requestId |
-| tst.js:90:9:90:19 | req.cookies |
-| tst.js:90:9:90:19 | req.cookies |
-| tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:41 | req.coo ... secret" |
-| tst.js:90:9:90:41 | req.coo ... secret" |
-| tst.js:104:10:104:17 | req.body |
-| tst.js:104:10:104:17 | req.body |
-| tst.js:104:10:104:17 | req.body |
-| tst.js:111:13:111:32 | req.query.vulnerable |
-| tst.js:111:13:111:32 | req.query.vulnerable |
-| tst.js:111:13:111:32 | req.query.vulnerable |
-| tst.js:118:13:118:32 | req.query.vulnerable |
-| tst.js:118:13:118:32 | req.query.vulnerable |
-| tst.js:118:13:118:32 | req.query.vulnerable |
-| tst.js:126:13:126:32 | req.query.vulnerable |
-| tst.js:126:13:126:32 | req.query.vulnerable |
-| tst.js:126:13:126:32 | req.query.vulnerable |
+| tst.js:13:9:13:19 | req.cookies |
+| tst.js:13:9:13:19 | req.cookies |
+| tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:27:9:27:37 | v3 |
+| tst.js:27:14:27:37 | id(req. ... okieId) |
+| tst.js:27:17:27:27 | req.cookies |
+| tst.js:27:17:27:27 | req.cookies |
+| tst.js:27:17:27:36 | req.cookies.cookieId |
+| tst.js:28:9:28:10 | v3 |
+| tst.js:28:9:28:10 | v3 |
+| tst.js:33:13:33:23 | req.cookies |
+| tst.js:33:13:33:23 | req.cookies |
+| tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:38:9:38:19 | req.cookies |
+| tst.js:38:9:38:19 | req.cookies |
+| tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:44:8:44:23 | req.params.login |
+| tst.js:44:8:44:23 | req.params.login |
+| tst.js:44:8:44:23 | req.params.login |
+| tst.js:57:8:57:23 | req.params.login |
+| tst.js:57:8:57:23 | req.params.login |
+| tst.js:57:8:57:23 | req.params.login |
+| tst.js:61:9:61:19 | req.cookies |
+| tst.js:61:9:61:19 | req.cookies |
+| tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:34:61:53 | req.params.requestId |
+| tst.js:61:34:61:53 | req.params.requestId |
+| tst.js:61:34:61:53 | req.params.requestId |
+| tst.js:65:14:65:24 | req.cookies |
+| tst.js:65:14:65:24 | req.cookies |
+| tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:39:65:58 | req.params.requestId |
+| tst.js:65:39:65:58 | req.params.requestId |
+| tst.js:65:39:65:58 | req.params.requestId |
+| tst.js:78:9:78:19 | req.cookies |
+| tst.js:78:9:78:19 | req.cookies |
+| tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:41 | req.coo ... secret" |
+| tst.js:78:9:78:41 | req.coo ... secret" |
+| tst.js:91:10:91:17 | req.body |
+| tst.js:91:10:91:17 | req.body |
+| tst.js:91:10:91:17 | req.body |
+| tst.js:98:13:98:32 | req.query.vulnerable |
+| tst.js:98:13:98:32 | req.query.vulnerable |
+| tst.js:98:13:98:32 | req.query.vulnerable |
+| tst.js:105:13:105:32 | req.query.vulnerable |
+| tst.js:105:13:105:32 | req.query.vulnerable |
+| tst.js:105:13:105:32 | req.query.vulnerable |
+| tst.js:113:13:113:32 | req.query.vulnerable |
+| tst.js:113:13:113:32 | req.query.vulnerable |
+| tst.js:113:13:113:32 | req.query.vulnerable |
 edges
 | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown |
-| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
-| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
-| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
-| tst.js:30:14:30:37 | id(req. ... okieId) | tst.js:30:9:30:37 | v3 |
-| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
-| tst.js:30:17:30:27 | req.cookies | tst.js:30:17:30:36 | req.cookies.cookieId |
-| tst.js:30:17:30:36 | req.cookies.cookieId | tst.js:30:14:30:37 | id(req. ... okieId) |
-| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
-| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
-| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login |
-| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login |
-| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
-| tst.js:70:34:70:53 | req.params.requestId | tst.js:70:34:70:53 | req.params.requestId |
-| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
-| tst.js:75:39:75:58 | req.params.requestId | tst.js:75:39:75:58 | req.params.requestId |
-| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
-| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
-| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
-| tst.js:104:10:104:17 | req.body | tst.js:104:10:104:17 | req.body |
-| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable |
-| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable |
-| tst.js:126:13:126:32 | req.query.vulnerable | tst.js:126:13:126:32 | req.query.vulnerable |
+| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing |
+| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 |
+| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 |
+| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 |
+| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId |
+| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId |
+| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) |
+| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId |
+| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId |
+| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login |
+| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login |
+| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId |
+| tst.js:61:34:61:53 | req.params.requestId | tst.js:61:34:61:53 | req.params.requestId |
+| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId |
+| tst.js:65:39:65:58 | req.params.requestId | tst.js:65:39:65:58 | req.params.requestId |
+| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId |
+| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" |
+| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" |
+| tst.js:91:10:91:17 | req.body | tst.js:91:10:91:17 | req.body |
+| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable |
+| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable |
+| tst.js:113:13:113:32 | req.query.vulnerable | tst.js:113:13:113:32 | req.query.vulnerable |
 #select
-| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but $@ controls it. | tst.js:11:9:11:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | a user-provided value |
-| tst.js:14:9:14:30 | req.coo ... inThing | tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing | This condition guards a sensitive $@, but $@ controls it. | tst.js:16:9:16:17 | o.login() | action | tst.js:14:9:14:19 | req.cookies | a user-provided value |
-| tst.js:31:9:31:10 | v3 | tst.js:30:17:30:27 | req.cookies | tst.js:31:9:31:10 | v3 | This condition guards a sensitive $@, but $@ controls it. | tst.js:33:9:33:22 | process.exit() | action | tst.js:30:17:30:27 | req.cookies | a user-provided value |
-| tst.js:37:13:37:32 | req.cookies.cookieId | tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:39:13:39:26 | process.exit() | action | tst.js:37:13:37:23 | req.cookies | a user-provided value |
-| tst.js:43:9:43:28 | req.cookies.cookieId | tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:46:13:46:26 | process.exit() | action | tst.js:43:9:43:19 | req.cookies | a user-provided value |
-| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:54:9:54:15 | login() | action | tst.js:50:8:50:23 | req.params.login | a user-provided value |
-| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:67:9:67:15 | login() | action | tst.js:65:8:65:23 | req.params.login | a user-provided value |
-| tst.js:90:9:90:41 | req.coo ... secret" | tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:41 | req.coo ... secret" | This condition guards a sensitive $@, but $@ controls it. | tst.js:92:9:92:22 | process.exit() | action | tst.js:90:9:90:19 | req.cookies | a user-provided value |
-| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:114:9:114:16 | verify() | action | tst.js:111:13:111:32 | req.query.vulnerable | a user-provided value |
-| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:121:13:121:20 | verify() | action | tst.js:118:13:118:32 | req.query.vulnerable | a user-provided value |
+| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but $@ controls it. | tst.js:10:9:10:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | a user-provided value |
+| tst.js:13:9:13:30 | req.coo ... inThing | tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | This condition guards a sensitive $@, but $@ controls it. | tst.js:14:9:14:17 | o.login() | action | tst.js:13:9:13:19 | req.cookies | a user-provided value |
+| tst.js:28:9:28:10 | v3 | tst.js:27:17:27:27 | req.cookies | tst.js:28:9:28:10 | v3 | This condition guards a sensitive $@, but $@ controls it. | tst.js:29:9:29:22 | process.exit() | action | tst.js:27:17:27:27 | req.cookies | a user-provided value |
+| tst.js:33:13:33:32 | req.cookies.cookieId | tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:34:13:34:26 | process.exit() | action | tst.js:33:13:33:23 | req.cookies | a user-provided value |
+| tst.js:38:9:38:28 | req.cookies.cookieId | tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | This condition guards a sensitive $@, but $@ controls it. | tst.js:40:13:40:26 | process.exit() | action | tst.js:38:9:38:19 | req.cookies | a user-provided value |
+| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:47:9:47:15 | login() | action | tst.js:44:8:44:23 | req.params.login | a user-provided value |
+| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | This condition guards a sensitive $@, but $@ controls it. | tst.js:58:9:58:15 | login() | action | tst.js:57:8:57:23 | req.params.login | a user-provided value |
+| tst.js:78:9:78:41 | req.coo ... secret" | tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:41 | req.coo ... secret" | This condition guards a sensitive $@, but $@ controls it. | tst.js:79:9:79:22 | process.exit() | action | tst.js:78:9:78:19 | req.cookies | a user-provided value |
+| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:101:9:101:16 | verify() | action | tst.js:98:13:98:32 | req.query.vulnerable | a user-provided value |
+| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | This condition guards a sensitive $@, but $@ controls it. | tst.js:108:13:108:20 | verify() | action | tst.js:105:13:105:32 | req.query.vulnerable | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-807/DifferentKindsComparisonBypass.expected

@@ -1,6 +1,6 @@
 | tst-different-kinds-comparison-bypass.js:7:5:7:42 | req.que ... .userId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:7:5:7:20 | req.query.userId | req.query.userId | tst-different-kinds-comparison-bypass.js:7:25:7:35 | req.cookies | req.cookies |
 | tst-different-kinds-comparison-bypass.js:11:5:11:23 | req.url == req.body | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:11:5:11:11 | req.url | req.url | tst-different-kinds-comparison-bypass.js:11:16:11:23 | req.body | req.body |
 | tst-different-kinds-comparison-bypass.js:16:9:16:14 | a == b | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst-different-kinds-comparison-bypass.js:13:11:13:26 | req.query.userId | req.query.userId | tst-different-kinds-comparison-bypass.js:13:29:13:39 | req.cookies | req.cookies |
-| tst.js:70:9:70:53 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:70:9:70:19 | req.cookies | req.cookies | tst.js:70:34:70:53 | req.params.requestId | req.params.requestId |
-| tst.js:75:14:75:58 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:75:14:75:24 | req.cookies | req.cookies | tst.js:75:39:75:58 | req.params.requestId | req.params.requestId |
-| tst.js:82:16:82:22 | p === q | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:84:18:84:28 | req.cookies | req.cookies | tst.js:84:40:84:59 | req.params.requestId | req.params.requestId |
+| tst.js:61:9:61:53 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:61:9:61:19 | req.cookies | req.cookies | tst.js:61:34:61:53 | req.params.requestId | req.params.requestId |
+| tst.js:65:14:65:58 | req.coo ... questId | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:65:14:65:24 | req.cookies | req.cookies | tst.js:65:39:65:58 | req.params.requestId | req.params.requestId |
+| tst.js:71:16:71:22 | p === q | This comparison of $@ and $@ is a potential security risk since it is controlled by the user. | tst.js:73:18:73:28 | req.cookies | req.cookies | tst.js:73:40:73:59 | req.params.requestId | req.params.requestId |

javascript/ql/test/query-tests/Security/CWE-807/tst.js

@@ -6,18 +6,15 @@ app.get('/user/:id', function(req, res) {
      // OK
     process.exit();
 
-    if(req.params.shutDown) {
-        // NOT OK: depends on user input
+    if(req.params.shutDown) { // NOT OK: depends on user input
         process.exit();
     }
 
-    if (req.cookies.loginThing) {
-        // NOT OK: depends on user input
+    if (req.cookies.loginThing) { // NOT OK: depends on user input
         o.login();
     }
 
-    if (req.cookies.loginThing) {
-        // OK: not a sensitive action
+    if (req.cookies.loginThing) { // OK: not a sensitive action
         o.getLogin();
     }
 
@@ -28,67 +25,57 @@ app.get('/user/:id', function(req, res) {
         return v;
     }
     var v3 = id(req.cookies.cookieId);
-    if (v3) {
-        // NOT OK, depends on user input
+    if (v3) { // NOT OK, depends on user input
         process.exit();
     }
 
     if (otherCondition) {
-        if (req.cookies.cookieId) {
-            // NOT OK: depends on user input
+        if (req.cookies.cookieId) { // NOT OK: depends on user input
             process.exit();
         }
     }
 
-    if (req.cookies.cookieId) {
+    if (req.cookies.cookieId) { // OK: but flagged anyway due to plain dominance analysis [INCONSISTENCY]
         if (otherCondition) {
-            // OK: but flagged anyway due to plain dominance analysis
             process.exit();
         }
     }
 
-    if(req.params.login) {
+    if(req.params.login) { // NOT OK: depends on user input
 
     } else {
-        // NOT OK: depends on user input
         login()
     }
 
 
-    if(req.params.login && somethingElse) {
+    if(req.params.login && somethingElse) { // OK: depends on something else
 
     } else {
-        // OK: depends on something else
         login()
     }
 
-    if(req.params.login && somethingElse) {
-        // NOT OK: depends on user input
+    if(req.params.login && somethingElse) { // NOT OK: depends on user input
         login()
     }
 
-    if (req.cookies.cookieId === req.params.requestId) {
-        // NOT OK: depends on user input
+    if (req.cookies.cookieId === req.params.requestId) { // NOT OK: depends on user input
         process.exit();
     }
 
-    var v1 = req.cookies.cookieId === req.params.requestId;
+    var v1 = req.cookies.cookieId === req.params.requestId; // NOT OK: depends on user input
     if (v1) {
-        // NOT OK: depends on user input
         process.exit();
     }
 
     function cmp(p, q) {
         return p === q;
     }
-    var v2 = cmp(req.cookies.cookieId, req.params.requestId);
+    var v2 = cmp(req.cookies.cookieId, req.params.requestId); // NOT OK, but not detected due to flow limitations [INCONSISTENCY]
     if (v2) {
-        // NOT OK, but not detected due to flow limitations
         process.exit();
     }
 
-    if (req.cookies.cookieId === "secret") {
-        // NOT OK: depends on user input
+    if (req.cookies.cookieId === "secret") { // NOT OK: depends on user input
         process.exit();
     }