JS: Add test for res.locals flow to template

Asger Feldthaus
2021-12-14 14:37:00 +01:00
parent 04bdba85ea
commit 995e33158f
6 changed files with 30 additions and 4 deletions


@@ -33,6 +33,8 @@ nodes
| app.js:59:38:59:74 | req.que ... ringRaw |
| app.js:66:18:66:34 | req.query.rawHtml |
| app.js:66:18:66:34 | req.query.rawHtml |
| projectA/src/index.js:6:38:6:53 | req.query.taintA |
| projectA/src/index.js:6:38:6:53 | req.query.taintA |
| projectA/src/index.js:12:16:12:30 | req.query.sinkA |
| projectA/src/index.js:12:16:12:30 | req.query.sinkA |
| projectA/src/index.js:17:16:17:30 | req.query.sinkA |
@@ -48,6 +50,9 @@ nodes
| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/main.ejs:2:5:2:9 | sinkA |
| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA |
@@ -57,6 +62,8 @@ nodes
| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> |
| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> |
| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA |
| projectB/src/index.js:6:38:6:53 | req.query.taintB |
| projectB/src/index.js:6:38:6:53 | req.query.taintB |
| projectB/src/index.js:13:16:13:30 | req.query.sinkB |
| projectB/src/index.js:13:16:13:30 | req.query.sinkB |
| projectB/src/index.js:18:16:18:30 | req.query.sinkB |
@@ -70,6 +77,9 @@ nodes
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/main.ejs:3:5:3:9 | sinkB |
| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB |
@@ -183,6 +193,8 @@ edges
| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml |
| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml |
| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml |
| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
@@ -197,12 +209,16 @@ edges
| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA |
| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> |
| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> |
| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware |
| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB |
| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB |
| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB |
@@ -215,6 +231,8 @@ edges
| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB |
| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> |
@@ -253,12 +271,14 @@ edges
#select
| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:12:16:12:30 | req.query.sinkA | user-provided value |
| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:17:16:17:30 | req.query.sinkA | user-provided value |
| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:6:38:6:53 | req.query.taintA | user-provided value |
| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:22:16:22:30 | req.query.sinkA | user-provided value |
| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:37:16:37:30 | req.query.sinkA | user-provided value |
| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:42:16:42:30 | req.query.sinkA | user-provided value |
| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:47:16:47:30 | req.query.sinkA | user-provided value |
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:13:16:13:30 | req.query.sinkB | user-provided value |
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:18:16:18:30 | req.query.sinkB | user-provided value |
| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:6:38:6:53 | req.query.taintB | user-provided value |
| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:23:16:23:30 | req.query.sinkB | user-provided value |
| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:38:16:38:30 | req.query.sinkB | user-provided value |
| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:43:16:43:30 | req.query.sinkB | user-provided value |


@@ -3,8 +3,8 @@ const express = require('express');
const app = express();
app.use((req, res, next) => {
res.locals.taintedInMiddleware = req.query.taintA;
next();
});
app.get('/fooA', (req, res) => {
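Review bot: The new `app.use` middleware has no comment marking it as a deliberate taint source, so a reader of this fixture cannot tell that `res.locals.taintedInMiddleware` is expected to reach `<%- taintedInMiddleware %>` in views/main.ejs. I would add above the assignment `// Source: req.query.taintA reaches views/main.ejs through res.locals (expected XSS alert)`. The same applies to the matching middleware in the projectB index.js section, which reads `req.query.taintB`. The `app.get('/fooA', ...)` handler that follows continues outside the hunk, so whether its render call passes a local of the same name is not visible here.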


@@ -1,3 +1,5 @@
Project A
<%- sinkA %>
<%= sinkB %>
<%- taintedInMiddleware %>
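Review bot: The added template line covers only the unescaped `<%- taintedInMiddleware %>` form, so the test does not pin down that an escaped use of a `res.locals` value stays unflagged. The existing lines already place an escaped `<%= sinkB %>` next to the raw `<%- sinkA %>`. Adding `<%= taintedInMiddleware %>` as a further line would give the middleware flow the same negative case and guard the XSS query against false positives on escaped output. The projectB main.ejs section has the same gap.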


@@ -3,8 +3,8 @@ const express = require('express');
const app = express();
app.use((req, res, next) => {
res.locals.taintedInMiddleware = req.query.taintB;
next();
});
app.get('/fooA', (req, res) => {


@@ -1,3 +1,5 @@
Project B
<%= sinkA %>
<%- sinkB %>
<%- taintedInMiddleware %>


@@ -40,10 +40,12 @@ getTargetFile
| views/ejs_sinks.ejs:24:13:24:53 | include ... Html }) | views/ejs_include1.ejs:0:0:0:0 | views/ejs_include1.ejs |
xssSink
| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> |
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> |
| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> |
| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> |