hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port an experimental CodeInjection variant to ConfigSig

Browse Source
This commit is contained in:
Asger F
2024-11-28 11:19:52 +01:00
parent 1832e93766
commit 8887ca1722
2 changed files with 55 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
javascript/ql/test/experimental/Security/CWE-094-dataURL/CodeInjection.expected
View File

@@ -1,49 +1,38 @@
nodes
| test.js:5:11:5:44 | payload |
| test.js:5:21:5:44 | req.que ... rameter |
| test.js:5:21:5:44 | req.que ... rameter |
| test.js:6:9:6:43 | payloadURL |
| test.js:6:22:6:43 | new URL ... + sth) |
| test.js:6:30:6:36 | payload |
| test.js:6:30:6:42 | payload + sth |
| test.js:7:16:7:25 | payloadURL |
| test.js:7:16:7:25 | payloadURL |
| test.js:9:5:9:39 | payloadURL |
| test.js:9:18:9:39 | new URL ... + sth) |
| test.js:9:26:9:32 | payload |
| test.js:9:26:9:38 | payload + sth |
| test.js:10:16:10:25 | payloadURL |
| test.js:10:16:10:25 | payloadURL |
| test.js:17:11:17:44 | payload |
| test.js:17:21:17:44 | req.que ... rameter |
| test.js:17:21:17:44 | req.que ... rameter |
| test.js:18:18:18:24 | payload |
| test.js:18:18:18:24 | payload |
| test.js:19:18:19:24 | payload |
| test.js:19:18:19:30 | payload + sth |
| test.js:19:18:19:30 | payload + sth |
edges
| test.js:5:11:5:44 | payload | test.js:6:30:6:36 | payload |
| test.js:5:11:5:44 | payload | test.js:9:26:9:32 | payload |
| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload |
| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload |
| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL |
| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL |
| test.js:6:22:6:43 | new URL ... + sth) | test.js:6:9:6:43 | payloadURL |
| test.js:6:30:6:36 | payload | test.js:6:30:6:42 | payload + sth |
| test.js:6:30:6:42 | payload + sth | test.js:6:22:6:43 | new URL ... + sth) |
| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL |
| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL |
| test.js:9:18:9:39 | new URL ... + sth) | test.js:9:5:9:39 | payloadURL |
| test.js:9:26:9:32 | payload | test.js:9:26:9:38 | payload + sth |
| test.js:9:26:9:38 | payload + sth | test.js:9:18:9:39 | new URL ... + sth) |
| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload |
| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload |
| test.js:17:11:17:44 | payload | test.js:19:18:19:24 | payload |
| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload |
| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload |
| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth |
| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth |
| test.js:5:11:5:44 | payload | test.js:6:30:6:36 | payload | provenance | |
| test.js:5:11:5:44 | payload | test.js:9:26:9:32 | payload | provenance | |
| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload | provenance | |
| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL | provenance | |
| test.js:6:22:6:43 | new URL ... + sth) | test.js:6:9:6:43 | payloadURL | provenance | |
| test.js:6:30:6:36 | payload | test.js:6:30:6:42 | payload + sth | provenance | |
| test.js:6:30:6:42 | payload + sth | test.js:6:22:6:43 | new URL ... + sth) | provenance | Config |
| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL | provenance | |
| test.js:9:18:9:39 | new URL ... + sth) | test.js:9:5:9:39 | payloadURL | provenance | |
| test.js:9:26:9:32 | payload | test.js:9:26:9:38 | payload + sth | provenance | |
| test.js:9:26:9:38 | payload + sth | test.js:9:18:9:39 | new URL ... + sth) | provenance | Config |
| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload | provenance | |
| test.js:17:11:17:44 | payload | test.js:19:18:19:24 | payload | provenance | |
| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload | provenance | |
| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth | provenance | |
nodes
| test.js:5:11:5:44 | payload | semmle.label | payload |
| test.js:5:21:5:44 | req.que ... rameter | semmle.label | req.que ... rameter |
| test.js:6:9:6:43 | payloadURL | semmle.label | payloadURL |
| test.js:6:22:6:43 | new URL ... + sth) | semmle.label | new URL ... + sth) |
| test.js:6:30:6:36 | payload | semmle.label | payload |
| test.js:6:30:6:42 | payload + sth | semmle.label | payload + sth |
| test.js:7:16:7:25 | payloadURL | semmle.label | payloadURL |
| test.js:9:5:9:39 | payloadURL | semmle.label | payloadURL |
| test.js:9:18:9:39 | new URL ... + sth) | semmle.label | new URL ... + sth) |
| test.js:9:26:9:32 | payload | semmle.label | payload |
| test.js:9:26:9:38 | payload + sth | semmle.label | payload + sth |
| test.js:10:16:10:25 | payloadURL | semmle.label | payloadURL |
| test.js:17:11:17:44 | payload | semmle.label | payload |
| test.js:17:21:17:44 | req.que ... rameter | semmle.label | req.que ... rameter |
| test.js:18:18:18:24 | payload | semmle.label | payload |
| test.js:19:18:19:24 | payload | semmle.label | payload |
| test.js:19:18:19:30 | payload + sth | semmle.label | payload + sth |
subpaths
#select
| test.js:7:16:7:25 | payloadURL | test.js:5:21:5:44 | req.que ... rameter | test.js:7:16:7:25 | payloadURL | This command line depends on a $@. | test.js:5:21:5:44 | req.que ... rameter | user-provided value |
| test.js:10:16:10:25 | payloadURL | test.js:5:21:5:44 | req.que ... rameter | test.js:10:16:10:25 | payloadURL | This command line depends on a $@. | test.js:5:21:5:44 | req.que ... rameter | user-provided value |