hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test for AngularJS sinks

Browse Source
This commit is contained in:
Asger Feldthaus
2021-07-29 08:52:33 +02:00
parent e61d534c59
commit b1cadc8ae7
6 changed files with 84 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/test/library-tests/frameworks/Templating/test.expected
View File

@@ -8,6 +8,8 @@ getLikelyTemplateSyntax
| projectB/views/main.ejs:0:0:0:0 | projectB/views/main.ejs | ejs |
| projectB/views/subfolder/index.ejs:0:0:0:0 | projectB/views/subfolder/index.ejs | ejs |
| projectB/views/subfolder/other.ejs:0:0:0:0 | projectB/views/subfolder/other.ejs | ejs |
| views/angularjs_include.ejs:0:0:0:0 | views/angularjs_include.ejs | ejs |
| views/angularjs_sinks.ejs:0:0:0:0 | views/angularjs_sinks.ejs | ejs |
| views/ejs_sinks.ejs:0:0:0:0 | views/ejs_sinks.ejs | ejs |
| views/hbs_sinks.hbs:0:0:0:0 | views/hbs_sinks.hbs | mustache |
| views/instantiated_as_ejs.html:0:0:0:0 | views/instantiated_as_ejs.html | ejs |
@@ -17,6 +19,7 @@ getTargetFile
| app.js:6:5:21:6 | res.ren ... \\n }) | views/ejs_sinks.ejs:0:0:0:0 | views/ejs_sinks.ejs |
| app.js:25:5:40:6 | res.ren ... \\n }) | views/hbs_sinks.hbs:0:0:0:0 | views/hbs_sinks.hbs |
| app.js:44:5:60:6 | res.ren ... \\n }) | views/njk_sinks.njk:0:0:0:0 | views/njk_sinks.njk |
| app.js:64:5:67:6 | res.ren ... \\n }) | views/angularjs_sinks.ejs:0:0:0:0 | views/angularjs_sinks.ejs |
| consolidate.js:3:1:3:83 | consoli ... => {}) | views/instantiated_as_ejs.html:0:0:0:0 | views/instantiated_as_ejs.html |
| consolidate.js:4:1:4:90 | consoli ... => {}) | views/instantiated_as_hbs.html:0:0:0:0 | views/instantiated_as_hbs.html |
| projectA/src/index.js:6:5:9:6 | res.ren ... \\n }) | projectA/views/main.ejs:0:0:0:0 | projectA/views/main.ejs |
@@ -36,6 +39,8 @@ xssSink
| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> |
| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> |
| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> |
| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
| views/ejs_sinks.ejs:5:9:5:31 | <%- rawHtmlSafeValue %> |
| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> |
@@ -58,6 +63,11 @@ xssSink
| views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json |
| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw |
codeInjectionSink
| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> |
| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> |
| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> |
| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
| views/angularjs_sinks.ejs:6:9:6:39 | <% include angularjs_include %> |
| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> |
| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> |
| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> |