Merge pull request #11157 from asgerf/js/yaml-locations

JS: fix issue with zero-column yaml locations

javascript/extractor/src/com/semmle/js/extractor/Main.java

@@ -41,7 +41,7 @@ public class Main {
    * A version identifier that should be updated every time the extractor changes in such a way that
    * it may produce different tuples for the same file under the same {@link ExtractorConfig}.
    */
-  public static final String EXTRACTOR_VERSION = "2022-09-19";
+  public static final String EXTRACTOR_VERSION = "2022-11-08";
 
   public static final Pattern NEWLINE = Pattern.compile("\n");
 

javascript/extractor/src/com/semmle/js/extractor/YAMLExtractor.java

@@ -3,6 +3,7 @@ package com.semmle.js.extractor;
 import com.semmle.util.data.StringUtil;
 import com.semmle.util.exception.CatastrophicError;
 import com.semmle.util.exception.UserError;
+import com.semmle.util.locations.LineTable;
 import com.semmle.util.trap.TrapWriter;
 import com.semmle.util.trap.TrapWriter.Label;
 import com.semmle.util.trap.TrapWriter.Table;
@@ -76,8 +77,10 @@ public class YAMLExtractor implements IExtractor {
 
   private final boolean tolerateParseErrors;
 
+  private TextualExtractor textualExtractor;
   private LocationManager locationManager;
   private TrapWriter trapWriter;
+  private LineTable lineTable;
 
   /**
    * The underlying SnakeYAML parser; we use the relatively low-level {@linkplain Parser} instead of
@@ -93,8 +96,16 @@ public class YAMLExtractor implements IExtractor {
     this.tolerateParseErrors = config.isTolerateParseErrors();
   }
 
+  private LineTable getLineTable() {
+    if (lineTable == null) {
+      lineTable = new LineTable(this.textualExtractor.getSource());
+    }
+    return lineTable;
+  }
+
   @Override
   public LoCInfo extract(TextualExtractor textualExtractor) {
+    this.textualExtractor = textualExtractor;
     locationManager = textualExtractor.getLocationManager();
     trapWriter = textualExtractor.getTrapwriter();
 
@@ -253,6 +264,18 @@ public class YAMLExtractor implements IExtractor {
     endLine = endMark.getLine() + 1;
     endColumn = endMark.getColumn();
 
+    // Avoid emitting column zero for non-empty locations
+    if (endColumn == 0 && !(startLine == endLine && startColumn == endColumn)) {
+      String source = textualExtractor.getSource();
+      int offset = getLineTable().getOffsetFromPoint(endMark.getLine(), endMark.getColumn()) - 1;
+      while (offset > 0 && isNewLine((int)source.charAt(offset))) {
+        --offset;
+      }
+      com.semmle.util.locations.Position adjustedEndPos = getLineTable().getEndPositionFromOffset(offset);
+      endLine = adjustedEndPos.getLine();
+      endColumn = adjustedEndPos.getColumn();
+    }
+
     locationManager.emitSnippetLocation(label, startLine, startColumn, endLine, endColumn);
   }
 }

javascript/extractor/tests/yaml/output/trap/cyclic.yaml.trap

@@ -28,12 +28,12 @@ yaml(#20006,3,#20003,-1,"","*cyc")
 locations_default(#20007,#10000,3,15,3,18)
 yaml_locations(#20006,#20007)
 yaml(#20003,1,#20000,-1,"tag:yaml.org,2002:map","&cyc")
-#20008=@"loc,{#10000},2,9,4,0"
-locations_default(#20008,#10000,2,9,4,0)
+#20008=@"loc,{#10000},2,9,3,19"
+locations_default(#20008,#10000,2,9,3,19)
 yaml_locations(#20003,#20008)
 yaml(#20000,1,#10000,0,"tag:yaml.org,2002:map","cyclic: &cyc")
-#20009=@"loc,{#10000},2,1,4,0"
-locations_default(#20009,#10000,2,1,4,0)
+#20009=@"loc,{#10000},2,1,3,19"
+locations_default(#20009,#10000,2,1,3,19)
 yaml_locations(#20000,#20009)
 numlines(#10000,3,0,0)
 filetype(#10000,"yaml")

javascript/extractor/tests/yaml/output/trap/orig.yml.trap

@@ -33,8 +33,8 @@ yaml(#20008,0,#20007,0,"tag:yaml.org,2002:str","xx [[ "" ... xxx; xx")
 locations_default(#20009,#10000,4,5,4,102)
 yaml_locations(#20008,#20009)
 yaml(#20007,2,#20000,-2,"tag:yaml.org,2002:seq","- xx [[ ... xxx; xx")
-#20010=@"loc,{#10000},4,3,6,0"
-locations_default(#20010,#10000,4,3,6,0)
+#20010=@"loc,{#10000},4,3,4,103"
+locations_default(#20010,#10000,4,3,4,103)
 yaml_locations(#20007,#20010)
 #20011=*
 yaml_scalars(#20011,0,"xxxxxx")
@@ -88,16 +88,16 @@ yaml(#20028,0,#20017,-3,"tag:yaml.org,2002:str","xxxxxx")
 locations_default(#20029,#10000,10,13,10,18)
 yaml_locations(#20028,#20029)
 yaml(#20017,1,#20016,0,"tag:yaml.org,2002:map","xx: xxxxx")
-#20030=@"loc,{#10000},8,7,14,0"
-locations_default(#20030,#10000,8,7,14,0)
+#20030=@"loc,{#10000},8,7,12,27"
+locations_default(#20030,#10000,8,7,12,27)
 yaml_locations(#20017,#20030)
 yaml(#20016,2,#20013,-1,"tag:yaml.org,2002:seq","- xx: xxxxx")
-#20031=@"loc,{#10000},8,5,14,0"
-locations_default(#20031,#10000,8,5,14,0)
+#20031=@"loc,{#10000},8,5,12,27"
+locations_default(#20031,#10000,8,5,12,27)
 yaml_locations(#20016,#20031)
 yaml(#20013,1,#20000,-3,"tag:yaml.org,2002:map","xxxxxxx:")
-#20032=@"loc,{#10000},7,3,14,0"
-locations_default(#20032,#10000,7,3,14,0)
+#20032=@"loc,{#10000},7,3,12,27"
+locations_default(#20032,#10000,7,3,12,27)
 yaml_locations(#20013,#20032)
 #20033=*
 yaml_scalars(#20033,0,"xxxxx")
@@ -120,12 +120,12 @@ yaml(#20039,0,#20038,0,"tag:yaml.org,2002:str","xxxx_xxxxxxx")
 locations_default(#20040,#10000,16,7,16,18)
 yaml_locations(#20039,#20040)
 yaml(#20038,2,#20035,-1,"tag:yaml.org,2002:seq","- xxxx_xxxxxxx")
-#20041=@"loc,{#10000},16,5,18,0"
-locations_default(#20041,#10000,16,5,18,0)
+#20041=@"loc,{#10000},16,5,16,19"
+locations_default(#20041,#10000,16,5,16,19)
 yaml_locations(#20038,#20041)
 yaml(#20035,1,#20000,-4,"tag:yaml.org,2002:map","xxxxxxxxxxx:")
-#20042=@"loc,{#10000},15,3,18,0"
-locations_default(#20042,#10000,15,3,18,0)
+#20042=@"loc,{#10000},15,3,16,19"
+locations_default(#20042,#10000,15,3,16,19)
 yaml_locations(#20035,#20042)
 #20043=*
 yaml_scalars(#20043,0,"xxxxxx")
@@ -171,8 +171,8 @@ yaml(#20056,0,#20045,-3,"tag:yaml.org,2002:str","xxx xxx xxxx")
 locations_default(#20057,#10000,21,11,21,22)
 yaml_locations(#20056,#20057)
 yaml(#20045,1,#20000,-5,"tag:yaml.org,2002:map","xxxx_xxxxxxx: xxxx")
-#20058=@"loc,{#10000},19,3,23,0"
-locations_default(#20058,#10000,19,3,23,0)
+#20058=@"loc,{#10000},19,3,21,23"
+locations_default(#20058,#10000,19,3,21,23)
 yaml_locations(#20045,#20058)
 #20059=*
 yaml_scalars(#20059,0,"xxx")
@@ -201,16 +201,16 @@ yaml(#20067,0,#20064,-1,"tag:yaml.org,2002:str","xxxxxxx ... xxxxxx=")
 locations_default(#20068,#10000,26,13,26,696)
 yaml_locations(#20067,#20068)
 yaml(#20064,1,#20061,-1,"tag:yaml.org,2002:map","xxxxxx: ... xxxxxx=")
-#20069=@"loc,{#10000},26,5,27,0"
-locations_default(#20069,#10000,26,5,27,0)
+#20069=@"loc,{#10000},26,5,26,697"
+locations_default(#20069,#10000,26,5,26,697)
 yaml_locations(#20064,#20069)
 yaml(#20061,1,#20000,-6,"tag:yaml.org,2002:map","xxxxxx:")
-#20070=@"loc,{#10000},24,3,27,0"
-locations_default(#20070,#10000,24,3,27,0)
+#20070=@"loc,{#10000},24,3,26,697"
+locations_default(#20070,#10000,24,3,26,697)
 yaml_locations(#20061,#20070)
 yaml(#20000,1,#10000,0,"tag:yaml.org,2002:map","xxxxxxxx: xxxx_xx")
-#20071=@"loc,{#10000},1,1,27,0"
-locations_default(#20071,#10000,1,1,27,0)
+#20071=@"loc,{#10000},1,1,26,697"
+locations_default(#20071,#10000,1,1,26,697)
 yaml_locations(#20000,#20071)
 numlines(#10000,26,0,0)
 filetype(#10000,"yaml")

javascript/extractor/tests/yaml/output/trap/tst.yml.trap

@@ -63,8 +63,8 @@ yaml(#20018,0,#20011,-2,"tag:yaml.org,2002:str","Gale")
 locations_default(#20019,#10000,6,14,6,17)
 yaml_locations(#20018,#20019)
 yaml(#20011,1,#20000,-3,"tag:yaml.org,2002:map","given:   Dorothy")
-#20020=@"loc,{#10000},5,5,8,0"
-locations_default(#20020,#10000,5,5,8,0)
+#20020=@"loc,{#10000},5,5,6,18"
+locations_default(#20020,#10000,5,5,6,18)
 yaml_locations(#20011,#20020)
 #20021=*
 yaml_scalars(#20021,0,"items")
@@ -188,12 +188,12 @@ yaml(#20061,0,#20042,-5,"tag:yaml.org,2002:int","1")
 locations_default(#20062,#10000,18,18,18,18)
 yaml_locations(#20061,#20062)
 yaml(#20042,1,#20023,1,"tag:yaml.org,2002:map","part_no:   E1628")
-#20063=@"loc,{#10000},14,7,20,0"
-locations_default(#20063,#10000,14,7,20,0)
+#20063=@"loc,{#10000},14,7,18,19"
+locations_default(#20063,#10000,14,7,18,19)
 yaml_locations(#20042,#20063)
 yaml(#20023,2,#20000,-4,"tag:yaml.org,2002:seq","- part_no:   A4786")
-#20064=@"loc,{#10000},9,5,20,0"
-locations_default(#20064,#10000,9,5,20,0)
+#20064=@"loc,{#10000},9,5,18,19"
+locations_default(#20064,#10000,9,5,18,19)
 yaml_locations(#20023,#20064)
 #20065=*
 yaml_scalars(#20065,0,"bill-to")
@@ -214,8 +214,8 @@ yaml_scalars(#20070,124,"123 Tornado Alley
 Suite 16
 ")
 yaml(#20070,0,#20067,-1,"tag:yaml.org,2002:str","|")
-#20071=@"loc,{#10000},21,13,24,0"
-locations_default(#20071,#10000,21,13,24,0)
+#20071=@"loc,{#10000},21,13,23,21"
+locations_default(#20071,#10000,21,13,23,21)
 yaml_locations(#20070,#20071)
 #20072=*
 yaml_scalars(#20072,0,"city")
@@ -242,8 +242,8 @@ yaml(#20078,0,#20067,-3,"tag:yaml.org,2002:str","KS")
 locations_default(#20079,#10000,25,13,25,14)
 yaml_locations(#20078,#20079)
 yaml(#20067,1,#20000,-5,"tag:yaml.org,2002:map","&id001")
-#20080=@"loc,{#10000},20,11,27,0"
-locations_default(#20080,#10000,20,11,27,0)
+#20080=@"loc,{#10000},20,11,25,15"
+locations_default(#20080,#10000,20,11,25,15)
 yaml_locations(#20067,#20080)
 #20081=*
 yaml_scalars(#20081,0,"ship-to")

javascript/ql/src/change-notes/2022-11-08-yaml-locations.md

@@ -0,0 +1,5 @@
+---
+category: fix
+---
+* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
+  causing alerts related to such strings to appear at the top of the YAML file.

javascript/ql/test/library-tests/ESLint/ESLintGlobal.expected

@@ -2,10 +2,10 @@
 | sub/.eslintrc.json:2:14:5:3 | {\\n      ... lse\\n  } | aNonWritableGlobal | false | sub/tst.js:1:1:1:15 | aWritableGlobal |
 | sub/.eslintrc.json:2:14:5:3 | {\\n      ... lse\\n  } | aWritableGlobal | true | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
 | sub/.eslintrc.json:2:14:5:3 | {\\n      ... lse\\n  } | aWritableGlobal | true | sub/tst.js:1:1:1:15 | aWritableGlobal |
-| sub/.eslintrc.yml:3:5:6:0 | aWritab ... l: true | aNonWritableGlobal | false | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
-| sub/.eslintrc.yml:3:5:6:0 | aWritab ... l: true | aNonWritableGlobal | false | sub/tst.js:1:1:1:15 | aWritableGlobal |
-| sub/.eslintrc.yml:3:5:6:0 | aWritab ... l: true | aWritableGlobal | true | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
-| sub/.eslintrc.yml:3:5:6:0 | aWritab ... l: true | aWritableGlobal | true | sub/tst.js:1:1:1:15 | aWritableGlobal |
+| sub/.eslintrc.yml:3:5:4:30 | aWritab ... l: true | aNonWritableGlobal | false | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
+| sub/.eslintrc.yml:3:5:4:30 | aWritab ... l: true | aNonWritableGlobal | false | sub/tst.js:1:1:1:15 | aWritableGlobal |
+| sub/.eslintrc.yml:3:5:4:30 | aWritab ... l: true | aWritableGlobal | true | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
+| sub/.eslintrc.yml:3:5:4:30 | aWritab ... l: true | aWritableGlobal | true | sub/tst.js:1:1:1:15 | aWritableGlobal |
 | sub/package.json:5:20:8:9 | {\\n      ...       } | aNonWritableGlobal | false | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |
 | sub/package.json:5:20:8:9 | {\\n      ...       } | aNonWritableGlobal | false | sub/tst.js:1:1:1:15 | aWritableGlobal |
 | sub/package.json:5:20:8:9 | {\\n      ...       } | aWritableGlobal | true | sub/subsub/tst.js:1:1:1:15 | aWritableGlobal |

javascript/ql/test/library-tests/YAML/printAst.expected

@@ -30,7 +30,7 @@ nodes
 | tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | semmle.label | [YamlSequence] - "name ...  Knopf" |
 | tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | semmle.order | 3 |
 | tst.yml:1:3:1:8 | [YamlScalar] "name" | semmle.label | [YamlScalar] "name" |
-| tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | semmle.label | [YamlMapping] "name": "Jim Knopf" |
+| tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | semmle.label | [YamlMapping] "name": "Jim Knopf" |
 | tst.yml:1:11:1:21 | [YamlScalar] "Jim Knopf" | semmle.label | [YamlScalar] "Jim Knopf" |
 | tst.yml:2:3:2:9 | [YamlScalar] address | semmle.label | [YamlScalar] address |
 | tst.yml:2:12:6:3 | [YamlMapping] { | semmle.label | [YamlMapping] { |
@@ -41,12 +41,12 @@ nodes
 | tst.yml:5:5:5:13 | [YamlScalar] "country" | semmle.label | [YamlScalar] "country" |
 | tst.yml:5:16:5:27 | [YamlScalar] "Lummerland" | semmle.label | [YamlScalar] "Lummerland" |
 | tst.yml:7:3:7:6 | [YamlScalar] name | semmle.label | [YamlScalar] name |
-| tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | semmle.label | [YamlMapping] name: Frau Mahlzahn |
+| tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | semmle.label | [YamlMapping] name: Frau Mahlzahn |
 | tst.yml:7:9:7:21 | [YamlScalar] Frau Mahlzahn | semmle.label | [YamlScalar] Frau Mahlzahn |
 | tst.yml:8:3:8:9 | [YamlScalar] address | semmle.label | [YamlScalar] address |
 | tst.yml:9:5:9:10 | [YamlScalar] street | semmle.label | [YamlScalar] street |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | semmle.label | [YamlMapping] street: \| |
-| tst.yml:9:13:11:0 | [YamlScalar] \| | semmle.label | [YamlScalar] \| |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | semmle.label | [YamlMapping] street: \| |
+| tst.yml:9:13:10:21 | [YamlScalar] \| | semmle.label | [YamlScalar] \| |
 | tst.yml:11:5:11:10 | [YamlScalar] number | semmle.label | [YamlScalar] number |
 | tst.yml:11:13:11:15 | [YamlScalar] 133 | semmle.label | [YamlScalar] 133 |
 | tst.yml:12:5:12:11 | [YamlScalar] country | semmle.label | [YamlScalar] country |
@@ -67,8 +67,8 @@ edges
 | file://:0:0:0:0 | (Mapping 0) street: | tst.yml:3:14:3:13 | [YamlScalar]  | semmle.order | 1 |
 | file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:5:9:10 | [YamlScalar] street | semmle.label | 0 |
 | file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:5:9:10 | [YamlScalar] street | semmle.order | 0 |
-| file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:13:11:0 | [YamlScalar] \| | semmle.label | 1 |
-| file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:13:11:0 | [YamlScalar] \| | semmle.order | 1 |
+| file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:13:10:21 | [YamlScalar] \| | semmle.label | 1 |
+| file://:0:0:0:0 | (Mapping 0) street: | tst.yml:9:13:10:21 | [YamlScalar] \| | semmle.order | 1 |
 | file://:0:0:0:0 | (Mapping 0) x: | merge.yaml:1:8:1:8 | [YamlScalar] x | semmle.label | 0 |
 | file://:0:0:0:0 | (Mapping 0) x: | merge.yaml:1:8:1:8 | [YamlScalar] x | semmle.order | 0 |
 | file://:0:0:0:0 | (Mapping 0) x: | merge.yaml:1:11:1:12 | [YamlScalar] 23 | semmle.label | 1 |
@@ -87,8 +87,8 @@ edges
 | file://:0:0:0:0 | (Mapping 1) address: | tst.yml:2:12:6:3 | [YamlMapping] { | semmle.order | 1 |
 | file://:0:0:0:0 | (Mapping 1) address: | tst.yml:8:3:8:9 | [YamlScalar] address | semmle.label | 0 |
 | file://:0:0:0:0 | (Mapping 1) address: | tst.yml:8:3:8:9 | [YamlScalar] address | semmle.order | 0 |
-| file://:0:0:0:0 | (Mapping 1) address: | tst.yml:9:5:14:0 | [YamlMapping] street: \| | semmle.label | 1 |
-| file://:0:0:0:0 | (Mapping 1) address: | tst.yml:9:5:14:0 | [YamlMapping] street: \| | semmle.order | 1 |
+| file://:0:0:0:0 | (Mapping 1) address: | tst.yml:9:5:13:19 | [YamlMapping] street: \| | semmle.label | 1 |
+| file://:0:0:0:0 | (Mapping 1) address: | tst.yml:9:5:13:19 | [YamlMapping] street: \| | semmle.order | 1 |
 | file://:0:0:0:0 | (Mapping 1) number: | tst.yml:4:5:4:12 | [YamlScalar] "number" | semmle.label | 0 |
 | file://:0:0:0:0 | (Mapping 1) number: | tst.yml:4:5:4:12 | [YamlScalar] "number" | semmle.order | 0 |
 | file://:0:0:0:0 | (Mapping 1) number: | tst.yml:4:15:4:16 | [YamlScalar] -1 | semmle.label | 1 |
@@ -121,31 +121,31 @@ edges
 | merge.yaml:2:3:3:8 | [YamlMapping] x: 56 | file://:0:0:0:0 | (Mapping 0) x: | semmle.order | 0 |
 | merge.yaml:2:3:3:8 | [YamlMapping] x: 56 | file://:0:0:0:0 | (Mapping 1) <<: | semmle.label | 1 |
 | merge.yaml:2:3:3:8 | [YamlMapping] x: 56 | file://:0:0:0:0 | (Mapping 1) <<: | semmle.order | 1 |
-| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | semmle.label | 0 |
-| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | semmle.order | 0 |
-| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | semmle.label | 1 |
-| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | semmle.order | 1 |
+| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | semmle.label | 0 |
+| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | semmle.order | 0 |
+| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | semmle.label | 1 |
+| tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | semmle.order | 1 |
 | tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:14:3:14:23 | [YamlScalar] !includ ... nal.yml | semmle.label | 2 |
 | tst.yml:1:1:14:23 | [YamlSequence] - "name ...  Knopf" | tst.yml:14:3:14:23 | [YamlScalar] !includ ... nal.yml | semmle.order | 2 |
-| tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 0) name: | semmle.label | 0 |
-| tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 0) name: | semmle.order | 0 |
-| tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 1) address: | semmle.label | 1 |
-| tst.yml:1:3:7:0 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 1) address: | semmle.order | 1 |
+| tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 0) name: | semmle.label | 0 |
+| tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 0) name: | semmle.order | 0 |
+| tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 1) address: | semmle.label | 1 |
+| tst.yml:1:3:6:4 | [YamlMapping] "name": "Jim Knopf" | file://:0:0:0:0 | (Mapping 1) address: | semmle.order | 1 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 0) street: | semmle.label | 0 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 0) street: | semmle.order | 0 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 1) number: | semmle.label | 1 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 1) number: | semmle.order | 1 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 2) country: | semmle.label | 2 |
 | tst.yml:2:12:6:3 | [YamlMapping] { | file://:0:0:0:0 | (Mapping 2) country: | semmle.order | 2 |
-| tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 0) name: | semmle.label | 0 |
-| tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 0) name: | semmle.order | 0 |
-| tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 1) address: | semmle.label | 1 |
-| tst.yml:7:3:14:0 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 1) address: | semmle.order | 1 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 0) street: | semmle.label | 0 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 0) street: | semmle.order | 0 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 1) number: | semmle.label | 1 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 1) number: | semmle.order | 1 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 2) country: | semmle.label | 2 |
-| tst.yml:9:5:14:0 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 2) country: | semmle.order | 2 |
+| tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 0) name: | semmle.label | 0 |
+| tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 0) name: | semmle.order | 0 |
+| tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 1) address: | semmle.label | 1 |
+| tst.yml:7:3:13:19 | [YamlMapping] name: Frau Mahlzahn | file://:0:0:0:0 | (Mapping 1) address: | semmle.order | 1 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 0) street: | semmle.label | 0 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 0) street: | semmle.order | 0 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 1) number: | semmle.label | 1 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 1) number: | semmle.order | 1 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 2) country: | semmle.label | 2 |
+| tst.yml:9:5:13:19 | [YamlMapping] street: \| | file://:0:0:0:0 | (Mapping 2) country: | semmle.order | 2 |
 graphProperties
 | semmle.graphKind | tree |

javascript/ql/test/library-tests/YAML/tests.expected

@@ -12,16 +12,16 @@ yamlMapping_maps
 | merge.yaml:2:3:3:8 | x: 56 | merge.yaml:1:15:1:15 | y | merge.yaml:1:18:1:19 | 42 |
 | merge.yaml:2:3:3:8 | x: 56 | merge.yaml:2:3:2:3 | x | merge.yaml:2:6:2:7 | 56 |
 | merge.yaml:2:3:3:8 | x: 56 | merge.yaml:3:3:3:4 | << | merge.yaml:1:3:1:21 | &A { x: 23, y: 42 } |
-| tst.yml:1:3:7:0 | "name": "Jim Knopf" | tst.yml:1:3:1:8 | "name" | tst.yml:1:11:1:21 | "Jim Knopf" |
-| tst.yml:1:3:7:0 | "name": "Jim Knopf" | tst.yml:2:3:2:9 | address | tst.yml:2:12:6:3 | { |
+| tst.yml:1:3:6:4 | "name": "Jim Knopf" | tst.yml:1:3:1:8 | "name" | tst.yml:1:11:1:21 | "Jim Knopf" |
+| tst.yml:1:3:6:4 | "name": "Jim Knopf" | tst.yml:2:3:2:9 | address | tst.yml:2:12:6:3 | { |
 | tst.yml:2:12:6:3 | { | tst.yml:3:5:3:12 | "street" | tst.yml:3:14:3:13 |  |
 | tst.yml:2:12:6:3 | { | tst.yml:4:5:4:12 | "number" | tst.yml:4:15:4:16 | -1 |
 | tst.yml:2:12:6:3 | { | tst.yml:5:5:5:13 | "country" | tst.yml:5:16:5:27 | "Lummerland" |
-| tst.yml:7:3:14:0 | name: Frau Mahlzahn | tst.yml:7:3:7:6 | name | tst.yml:7:9:7:21 | Frau Mahlzahn |
-| tst.yml:7:3:14:0 | name: Frau Mahlzahn | tst.yml:8:3:8:9 | address | tst.yml:9:5:14:0 | street: \| |
-| tst.yml:9:5:14:0 | street: \| | tst.yml:9:5:9:10 | street | tst.yml:9:13:11:0 | \| |
-| tst.yml:9:5:14:0 | street: \| | tst.yml:11:5:11:10 | number | tst.yml:11:13:11:15 | 133 |
-| tst.yml:9:5:14:0 | street: \| | tst.yml:12:5:12:11 | country | tst.yml:12:14:13:18 | < |
+| tst.yml:7:3:13:19 | name: Frau Mahlzahn | tst.yml:7:3:7:6 | name | tst.yml:7:9:7:21 | Frau Mahlzahn |
+| tst.yml:7:3:13:19 | name: Frau Mahlzahn | tst.yml:8:3:8:9 | address | tst.yml:9:5:13:19 | street: \| |
+| tst.yml:9:5:13:19 | street: \| | tst.yml:9:5:9:10 | street | tst.yml:9:13:10:21 | \| |
+| tst.yml:9:5:13:19 | street: \| | tst.yml:11:5:11:10 | number | tst.yml:11:13:11:15 | 133 |
+| tst.yml:9:5:13:19 | street: \| | tst.yml:12:5:12:11 | country | tst.yml:12:14:13:18 | < |
 yamlNode
 | external.yml:1:1:1:2 | 42 | tag:yaml.org,2002:int |
 | merge.yaml:1:1:3:8 | - &A {  ... y: 42 } | tag:yaml.org,2002:seq |
@@ -37,7 +37,7 @@ yamlNode
 | merge.yaml:3:7:3:8 | *A |  |
 | tst.yml:1:1:14:23 | - "name ...  Knopf" | tag:yaml.org,2002:seq |
 | tst.yml:1:3:1:8 | "name" | tag:yaml.org,2002:str |
-| tst.yml:1:3:7:0 | "name": "Jim Knopf" | tag:yaml.org,2002:map |
+| tst.yml:1:3:6:4 | "name": "Jim Knopf" | tag:yaml.org,2002:map |
 | tst.yml:1:11:1:21 | "Jim Knopf" | tag:yaml.org,2002:str |
 | tst.yml:2:3:2:9 | address | tag:yaml.org,2002:str |
 | tst.yml:2:12:6:3 | { | tag:yaml.org,2002:map |
@@ -48,12 +48,12 @@ yamlNode
 | tst.yml:5:5:5:13 | "country" | tag:yaml.org,2002:str |
 | tst.yml:5:16:5:27 | "Lummerland" | tag:yaml.org,2002:str |
 | tst.yml:7:3:7:6 | name | tag:yaml.org,2002:str |
-| tst.yml:7:3:14:0 | name: Frau Mahlzahn | tag:yaml.org,2002:map |
+| tst.yml:7:3:13:19 | name: Frau Mahlzahn | tag:yaml.org,2002:map |
 | tst.yml:7:9:7:21 | Frau Mahlzahn | tag:yaml.org,2002:str |
 | tst.yml:8:3:8:9 | address | tag:yaml.org,2002:str |
 | tst.yml:9:5:9:10 | street | tag:yaml.org,2002:str |
-| tst.yml:9:5:14:0 | street: \| | tag:yaml.org,2002:map |
-| tst.yml:9:13:11:0 | \| | tag:yaml.org,2002:str |
+| tst.yml:9:5:13:19 | street: \| | tag:yaml.org,2002:map |
+| tst.yml:9:13:10:21 | \| | tag:yaml.org,2002:str |
 | tst.yml:11:5:11:10 | number | tag:yaml.org,2002:str |
 | tst.yml:11:13:11:15 | 133 | tag:yaml.org,2002:int |
 | tst.yml:12:5:12:11 | country | tag:yaml.org,2002:str |
@@ -81,7 +81,7 @@ yamlScalar
 | tst.yml:7:9:7:21 | Frau Mahlzahn |  | Frau Mahlzahn |
 | tst.yml:8:3:8:9 | address |  | address |
 | tst.yml:9:5:9:10 | street |  | street |
-| tst.yml:9:13:11:0 | \| | \| | Alte Strasse\n |
+| tst.yml:9:13:10:21 | \| | \| | Alte Strasse\n |
 | tst.yml:11:5:11:10 | number |  | number |
 | tst.yml:11:13:11:15 | 133 |  | 133 |
 | tst.yml:12:5:12:11 | country |  | country |

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml

@@ -2,6 +2,12 @@ on: issue_comment
 
 jobs:
   echo-chamber:
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        echo '${{ github.event.comment.body }}'
+
+  echo-chamber2:
     runs-on: ubuntu-latest
     steps:
     - run: |

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue_newline.yml

@@ -0,0 +1,10 @@
+on: issue_comment
+
+# same as comment_issue but this file ends with a line break
+
+jobs:
+  echo-chamber:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          echo '${{ github.event.comment.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected

@@ -1 +1,3 @@
-| .github/workflows/comment_issue.yml:7:12:8:47 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |
+| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |
+| .github/workflows/comment_issue.yml:13:12:14:47 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |
+| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |