JS: Move typed test into separate test

Asger F
2019-09-02 10:38:14 +01:00
parent ea446f2aa1
commit ad5abc61cc
21 changed files with 24 additions and 15 deletions


@@ -1 +0,0 @@
{"include": ["."]}


@@ -0,0 +1,15 @@
nodes
| typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v |
edges
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
#select
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |


@@ -0,0 +1,6 @@
{
"include": ["."],
"compilerOptions": {
"esModuleInterop": true
}
}


@@ -1,7 +1,7 @@
import * as mongodb from "mongodb";
import express from 'express';
import bodyParser from 'body-parser';
const express = require('express') as any;
const bodyParser = require('body-parser') as any;
declare function getCollection(): mongodb.Collection;
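Review bot: Nothing in the visible import block says that this test needs the `esModuleInterop` setting from the tsconfig.json added in the same commit, nor what the test is meant to cover. This assumes the default-import lines `import express from 'express';` and `import bodyParser from 'body-parser';` are the new side, which the page no longer marks with +/-. If someone later drops or overrides that tsconfig, the file would probably stop type-checking and the expected `req.body` → `{ id: v }` flow could vanish from the results for a reason unrelated to the query. I would add a header comment along the lines of `// Typed-client test: needs esModuleInterop (see tsconfig.json); expects the typed mongodb.Collection query argument to be reported as a sink.` The handler body at lines 13–14 that the expected output refers to lies outside this hunk, so the wording should be checked against it.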


@@ -63,12 +63,6 @@ nodes
| tst4.js:8:46:8:60 | $routeParams.id |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id |
| typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v |
edges
| mongodb.js:12:11:12:20 | query | mongodb.js:14:59:14:58 | query |
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
@@ -162,11 +156,6 @@ edges
| tst.js:10:10:10:58 | 'SELECT ... rams.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:58 | 'SELECT ... rams.id |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
#select
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
@@ -193,4 +182,3 @@ edges
| tst3.js:10:14:10:19 | query1 | tst3.js:9:16:9:34 | req.params.category | tst3.js:10:14:10:19 | query1 | This query depends on $@. | tst3.js:9:16:9:34 | req.params.category | a user-provided value |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |


@@ -0,0 +1 @@
Security/CWE-089/SqlInjection.ql