JS: Update OK-style comments to $-style

2026-05-03 12:45:27 +02:00 · 2025-02-06 13:34:01 +01:00
parent 7e5c24a8ec
commit 9be041e27d
536 changed files with 4408 additions and 4762 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/tst.js
@@ -6,14 +6,14 @@ var myObj = {}
 app.get('/user/:id', function(req, res) {
 	myCoolLocalFct(req.query.userControlled);
 	var prop = myCoolLocalFct(req.query.userControlled);
-	myObj[prop] = 23; // NOT OK
-	myObj.prop = 23; // OK
-	var x = myObj[prop]; // NOT OK, but flagged by different query
+	myObj[prop] = 23; // $ Alert
+	myObj.prop = 23;
+	var x = myObj[prop]; // OK - flagged by different query
 	x(23);
-	delete myObj[prop]; // NOT OK
-	Object.defineProperty(myObj, prop, {value: 24}); // NOT OK
+	delete myObj[prop]; // $ Alert
+	Object.defineProperty(myObj, prop, {value: 24}); // $ Alert
 	var headers = {};
-	headers[prop] = 42; // NOT OK
+	headers[prop] = 42; // $ Alert
 	res.set(headers);
 	myCoolLocalFct[req.query.x](); // OK - flagged by method name injection
 });
--- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/tstNonExpr.js
+++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/tstNonExpr.js
@@ -4,8 +4,8 @@ var url = require('url');
 var server = http.createServer(function(req, res) {
  var userVal = req.url;
  var newProp = "$" + userVal;  
-  x[newProp] = 23; // OK  
-  res.setHeader(userVal, 'text/html'); // NOT OK
+  x[newProp] = 23;
+  res.setHeader(userVal, 'text/html'); // $ Alert
  res.write("foo");
  res.end("bar");
 })