hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Address code review comments

Browse Source 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
This commit is contained in:
Alvaro Muñoz
2022-10-18 13:29:28 +02:00
parent 6ab62da015
commit b79f7f3e95
8 changed files with 164 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/test/library-tests/frameworks/Restify2/src/index.js
View File

@@ -101,7 +101,7 @@ server.get('/foo', // test: setup
return next();
},
function(req, res, next) { // test: handler
res.header("Content-Type", "text/html");
res.header("Content-Type", "text/html"); // test: headerDefinition
res.send(req.someData); // test: stackTraceExposureSink, xssSink, xss
return next();
}
@@ -119,7 +119,7 @@ server.get('/foo2', // test: setup
);
function xss(req, res, next) { // test: handler
res.header("Content-Type", "text/html");
res.header("Content-Type", "text/html"); // test: headerDefinition
res.send('hello ' + req.query.name); // test: source, stackTraceExposureSink, xssSink, xss
next();
}
@@ -140,7 +140,7 @@ function xss2(req, res, next) { // test: handler
});
function xss3(req, res, next) { // test: handler
res.header("Content-Type", "text/html");
res.header("Content-Type", "text/html"); // test: headerDefinition
res.send('hello ' + req.header("foo")); // test: source, stackTraceExposureSink, xssSink, !xss
next();
}

3
javascript/ql/test/library-tests/frameworks/Restify2/tests.expected
View File

@@ -26,6 +26,9 @@ passingPositiveTests
| PASSED | handler | src/index.js:192:39:192:61 | // test ... handler |
| PASSED | handler | src/index.js:194:49:194:71 | // test ... handler |
| PASSED | handler | src/index.js:198:65:198:87 | // test ... handler |
| PASSED | headerDefinition | src/index.js:104:46:104:70 | // test ... inition |
| PASSED | headerDefinition | src/index.js:122:44:122:68 | // test ... inition |
| PASSED | headerDefinition | src/index.js:143:44:143:68 | // test ... inition |
| PASSED | redirectSink | src/index.js:78:32:78:60 | // test ... ectSink |
| PASSED | redirectSink | src/index.js:87:45:87:73 | // test ... ectSink |
| PASSED | redirectSink | src/index.js:88:40:88:68 | // test ... ectSink |

37
javascript/ql/test/library-tests/frameworks/Restify2/tests.ql
View File

@@ -33,6 +33,15 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasPositiveTest(expectation) and
(
expectation = "headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "templateInstantiation" and
exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "source" and
exists(RemoteFlowSource n | t.inNode(n))
or
@@ -74,6 +83,15 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasPositiveTest(expectation) and
(
expectation = "headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "templateInstantiation" and
not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "source" and
not exists(RemoteFlowSource n | t.inNode(n))
or
@@ -115,6 +133,15 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasNegativeTest(expectation) and
(
expectation = "!headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "!cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "!templateInstantiation" and
not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "!source" and
not exists(RemoteFlowSource n | t.inNode(n))
or
@@ -156,6 +183,15 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasNegativeTest(expectation) and
(
expectation = "!headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "!cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "!templateInstantiation" and
exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "!source" and
exists(RemoteFlowSource n | t.inNode(n))
or
@@ -192,3 +228,4 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest
exists(RequestForgery::Sink n | t.inNode(n))
)
}

10
javascript/ql/test/library-tests/frameworks/Spife/lib/views/index.js
View File

@@ -54,7 +54,7 @@ function redirect(req, context) { // test: handler
return reply.redirect(context.get('redirect_url')) // test: redirectSink, source, stackTraceExposureSink
}
function raw2(req, context) { // test: handler
return reply.cookie({ "test": req.query.name }, "test", req.query.name, { "httpOnly": false, "secure": false }) // test: source, cleartextStorageSink, stackTraceExposureSink
return reply.cookie({ "test": req.query.name }, "test", req.query.name, { "httpOnly": false, "secure": false }) // test: source, cleartextStorageSink, stackTraceExposureSink, cookieDefinition
}
function test1(req, context) { // test: handler
@@ -62,9 +62,9 @@ function test1(req, context) { // test: handler
case 'json':
return { "some": req.query.name } // test: source, stackTraceExposureSink
case 'html':
return reply.header('<p>' + req.query.name + '</p>', 'content-type', 'text/html') // test: source, xssSink, stackTraceExposureSink, xss
return reply.header('<p>' + req.query.name + '</p>', 'content-type', 'text/html') // test: source, xssSink, stackTraceExposureSink, xss, headerDefinition
case 'plain':
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition
}
return 'well, I guess you just want plaintext.'
}
@@ -74,7 +74,7 @@ function test2(req, context) { // test: handler
case 'json':
return { "some": req.query.name } // test: source, stackTraceExposureSink
case 'html':
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss
return reply.header('<p>' + req.query.name + '</p>', { 'content-type': 'text/plain' }) // test: source, stackTraceExposureSink, !xssSink, !xss, headerDefinition
}
return 'well, I guess you just want plaintext.'
}
@@ -104,7 +104,7 @@ function test6(req, context) { // test: handler
if (message.contains('foo')) {
return reply(message, 200, { 'npm-notice': message }) // test: stackTraceExposureSink, !xssSink, !xss
} else {
return reply(message, 200, { 'npm-notice': message, 'content-type': 'text/html' }) // test: stackTraceExposureSink, xssSink, xss
return reply(message, 200, { 'npm-notice': message, 'content-type': 'text/html' }) // test: stackTraceExposureSink, xssSink, xss, headerDefinition
}
}

42
javascript/ql/test/library-tests/frameworks/Spife/tests.expected
View File

@@ -1,6 +1,7 @@
passingPositiveTests
| PASSED | candidateHandler | lib/views/index.js:82:32:82:56 | // test ... Handler |
| PASSED | cleartextStorageSink | lib/views/index.js:57:115:57:175 | // test ... ureSink |
| PASSED | cleartextStorageSink | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | cookieDefinition | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | corsMiconfigurationSink | lib/views/index.js:45:41:45:72 | // test ... ionSink |
| PASSED | handler | lib/views/index.js:23:40:23:55 | // test: handler |
| PASSED | handler | lib/views/index.js:28:35:28:50 | // test: handler |
@@ -12,6 +13,10 @@ passingPositiveTests
| PASSED | handler | lib/views/index.js:86:32:86:47 | // test: handler |
| PASSED | handler | lib/views/index.js:93:32:93:47 | // test: handler |
| PASSED | handler | lib/views/index.js:100:32:100:47 | // test: handler |
| PASSED | headerDefinition | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | headerDefinition | lib/views/index.js:107:88:107:150 | // test ... inition |
| PASSED | redirectSink | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | source | lib/views/index.js:24:56:24:70 | // test: source |
| PASSED | source | lib/views/index.js:29:28:29:42 | // test: source |
@@ -26,12 +31,12 @@ passingPositiveTests
| PASSED | source | lib/views/index.js:42:24:42:38 | // test: source |
| PASSED | source | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | source | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | source | lib/views/index.js:57:115:57:175 | // test ... ureSink |
| PASSED | source | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | source | lib/views/index.js:63:41:63:79 | // test ... ureSink |
| PASSED | source | lib/views/index.js:65:89:65:141 | // test ... nk, xss |
| PASSED | source | lib/views/index.js:67:94:67:148 | // test ... k, !xss |
| PASSED | source | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | source | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | source | lib/views/index.js:75:41:75:79 | // test ... ureSink |
| PASSED | source | lib/views/index.js:77:94:77:148 | // test ... k, !xss |
| PASSED | source | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | source | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | source | lib/views/index.js:87:25:87:39 | // test: source |
| PASSED | source | lib/views/index.js:94:25:94:39 | // test: source |
@@ -40,32 +45,33 @@ passingPositiveTests
| PASSED | stackTraceExposureSink | lib/views/index.js:38:61:38:122 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:54:54:54:106 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:57:115:57:175 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:57:115:57:193 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:63:41:63:79 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:65:89:65:141 | // test ... nk, xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:67:94:67:148 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:75:41:75:79 | // test ... ureSink |
| PASSED | stackTraceExposureSink | lib/views/index.js:77:94:77:148 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:90:57:90:103 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:105:59:105:105 | // test ... k, !xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:107:88:107:132 | // test ... nk, xss |
| PASSED | stackTraceExposureSink | lib/views/index.js:107:88:107:150 | // test ... inition |
| PASSED | stackTraceExposureSink | lib/views/index.js:112:34:112:72 | // test ... ureSink |
| PASSED | templateInstantiation | lib/views/index.js:38:61:38:122 | // test ... ureSink |
| PASSED | xss | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | xss | lib/views/index.js:65:89:65:141 | // test ... nk, xss |
| PASSED | xss | lib/views/index.js:107:88:107:132 | // test ... nk, xss |
| PASSED | xss | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | xss | lib/views/index.js:107:88:107:150 | // test ... inition |
| PASSED | xssSink | lib/views/index.js:43:39:43:91 | // test ... nk, xss |
| PASSED | xssSink | lib/views/index.js:65:89:65:141 | // test ... nk, xss |
| PASSED | xssSink | lib/views/index.js:107:88:107:132 | // test ... nk, xss |
| PASSED | xssSink | lib/views/index.js:65:89:65:159 | // test ... inition |
| PASSED | xssSink | lib/views/index.js:107:88:107:150 | // test ... inition |
failingPositiveTests
passingNegativeTests
| PASSED | !xss | lib/views/index.js:67:94:67:148 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:77:94:77:148 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | !xss | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | !xss | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | !xss | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:67:94:67:148 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:77:94:77:148 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:67:94:67:166 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:77:94:77:166 | // test ... inition |
| PASSED | !xssSink | lib/views/index.js:83:49:83:103 | // test ... k, !xss |
| PASSED | !xssSink | lib/views/index.js:97:30:97:76 | // test ... k, !xss |
failingNegativeTests

36
javascript/ql/test/library-tests/frameworks/Spife/tests.ql
View File

@@ -33,6 +33,15 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasPositiveTest(expectation) and
(
expectation = "headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "templateInstantiation" and
exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "source" and
exists(RemoteFlowSource n | t.inNode(n))
or
@@ -74,6 +83,15 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasPositiveTest(expectation) and
(
expectation = "headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "templateInstantiation" and
not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "source" and
not exists(RemoteFlowSource n | t.inNode(n))
or
@@ -115,6 +133,15 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest
res = "PASSED" and
t.hasNegativeTest(expectation) and
(
expectation = "!headerDefinition" and
not exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "!cookieDefinition" and
not exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "!templateInstantiation" and
not exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "!source" and
not exists(RemoteFlowSource n | t.inNode(n))
or
@@ -156,6 +183,15 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest
res = "FAILED" and
t.hasNegativeTest(expectation) and
(
expectation = "!headerDefinition" and
exists(Http::HeaderDefinition n | t.inNode(n))
or
expectation = "!cookieDefinition" and
exists(Http::CookieDefinition n | t.inNode(n))
or
expectation = "!templateInstantiation" and
exists(Templating::TemplateInstantiation::Range n | t.inNode(n))
or
expectation = "!source" and
exists(RemoteFlowSource n | t.inNode(n))
or