hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: update 'xss' sink kind to 'js-injection'

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-16 13:32:29 -04:00
parent a0b502fa44
commit 74cd2407fb
6 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/test/library-tests/dataflow/external-models/sinks.expected
View File

@@ -4,5 +4,5 @@ invalidModelRow
| Sinks.cs:11:13:11:41 | this access | remote |
| Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote |
| Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection |
| Sinks.cs:20:20:20:22 | access to local variable res | xss |
| Sinks.cs:20:20:20:22 | access to local variable res | js-injection |
| Sinks.cs:27:20:27:25 | access to local variable resTag | html-injection |

2
csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
View File

@@ -5,7 +5,7 @@ extensions:
data:
# "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance"
- ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"]
- ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"]
- ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "js-injection", "manual"]
- ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html-injection", "manual"]
- ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"]
- ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"]