hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port Xxe

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:26:42 +02:00
parent c2d170b4fd
commit b8847dbc5d
3 changed files with 34 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected
View File

@@ -1,49 +1,21 @@
nodes
| domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:11:55:11:57 | src |
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| domparser.js:14:57:14:59 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files |
| libxml.noent.js:16:27:16:35 | req.files |
| libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
edges
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:44 | req.files.products | libxml.noent.js:16:27:16:49 | req.fil ... ts.data |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
nodes
| domparser.js:2:7:2:36 | src | semmle.label | src |
| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
| domparser.js:11:55:11:57 | src | semmle.label | src |
| domparser.js:14:57:14:59 | src | semmle.label | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files | semmle.label | req.files |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
subpaths
#select
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |