JavaScript: Update qhelp example for CleartextStorage.

2026-04-29 18:55:14 +02:00 · 2019-02-08 08:43:02 +00:00
parent 0be81dacdc
commit aebc5bc6c3
7 changed files with 29 additions and 30 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
@@ -1,11 +1,11 @@
 nodes
-| CleartextStorage2.js:5:7:5:52 | a |
-| CleartextStorage2.js:5:11:5:52 | url.par ... untName |
-| CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a |
-| CleartextStorage2.js:7:36:7:36 | a |
-| CleartextStorage.js:5:7:5:34 | a |
-| CleartextStorage.js:5:11:5:34 | req.par ... tName") |
-| CleartextStorage.js:7:29:7:29 | a |
+| CleartextStorage2.js:5:7:5:58 | pw |
+| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
+| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
+| CleartextStorage2.js:7:33:7:34 | pw |
+| CleartextStorage.js:5:7:5:40 | pw |
+| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
+| CleartextStorage.js:7:26:7:27 | pw |
 | tst-angularjs.js:3:32:3:45 | data1.password |
 | tst-angularjs.js:4:33:4:46 | data2.password |
 | tst-angularjs.js:5:27:5:40 | data3.password |
@@ -15,14 +15,14 @@ nodes
 | tst-webstorage.js:3:20:3:32 | data.password |
 | tst-webstorage.js:4:29:4:41 | data.password |
 edges
-| CleartextStorage2.js:5:7:5:52 | a | CleartextStorage2.js:7:36:7:36 | a |
-| CleartextStorage2.js:5:11:5:52 | url.par ... untName | CleartextStorage2.js:5:7:5:52 | a |
-| CleartextStorage2.js:7:36:7:36 | a | CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a |
-| CleartextStorage.js:5:7:5:34 | a | CleartextStorage.js:7:29:7:29 | a |
-| CleartextStorage.js:5:11:5:34 | req.par ... tName") | CleartextStorage.js:5:7:5:34 | a |
+| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw |
+| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
+| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
+| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
+| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
 #select
-| CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a | CleartextStorage2.js:5:11:5:52 | url.par ... untName | CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a | Sensitive data returned by $@ is stored here. | CleartextStorage2.js:5:11:5:52 | url.par ... untName | an access to AccountName |
-| CleartextStorage.js:7:29:7:29 | a | CleartextStorage.js:5:11:5:34 | req.par ... tName") | CleartextStorage.js:7:29:7:29 | a | Sensitive data returned by $@ is stored here. | CleartextStorage.js:5:11:5:34 | req.par ... tName") | a call to param |
+| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | Sensitive data returned by $@ is stored here. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password |
+| CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | Sensitive data returned by $@ is stored here. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |
 | tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:3:32:3:45 | data1.password | an access to password |
 | tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:4:33:4:46 | data2.password | an access to password |
 | tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:5:27:5:40 | data3.password | an access to password |
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.js
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.js
@@ -1,8 +1,8 @@
 var express = require('express');

 var app = express();
-app.get('/', function (req, res) {
-  let a = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
  // BAD: Setting a cookie value with cleartext sensitive data.
-  res.cookie("AccountName", a);
+  res.cookie("password", pw);
 });
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage2.js
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage2.js
@@ -2,9 +2,9 @@ var https = require('https');
 var url = require('url');

 var server = https.createServer(function(req, res) {
-  let a = url.parse(req.url, true).query.AccountName;
+  let pw = url.parse(req.url, true).query.current_password;
  res.writeHead(200, {
-    'Set-Cookie': 'AccountName=' + a,
+    'Set-Cookie': 'password=' + pw,
    'Content-Type': 'text/plain'
  });
 });
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorageGood.js
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorageGood.js
@@ -8,8 +8,8 @@ function encrypt(text){
 }

 var app = express();
-app.get('/', function (req, res) {
-  let accountName = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
  // GOOD: Encoding the value before setting it.
-  res.cookie("AccountName", encrypt(accountName));
+  res.cookie("password", encrypt(pw));
 });