hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Port RemotePropertyInjection

Browse Source
This commit is contained in:
Asger F
2023-10-05 09:21:55 +02:00
parent dcc73a7f90
commit b9bd0520e2
3 changed files with 46 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected
View File

@@ -1,37 +1,35 @@
nodes
| tst.js:8:6:8:52 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:9:8:9:11 | prop |
| tst.js:9:8:9:11 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:16:10:16:13 | prop |
| tst.js:16:10:16:13 | prop |
| tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:8:17:8:23 | userVal |
edges
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x |
| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x |
| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result |
| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result |
| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
nodes
| tst.js:8:6:8:52 | prop | semmle.label | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) | semmle.label | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | semmle.label | req.que ... trolled |
| tst.js:9:8:9:11 | prop | semmle.label | prop |
| tst.js:13:15:13:18 | prop | semmle.label | prop |
| tst.js:14:31:14:34 | prop | semmle.label | prop |
| tst.js:16:10:16:13 | prop | semmle.label | prop |
| tst.js:21:25:21:25 | x | semmle.label | x |
| tst.js:22:6:22:15 | result | semmle.label | result |
| tst.js:22:15:22:15 | x | semmle.label | x |
| tst.js:23:9:23:14 | result | semmle.label | result |
| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) |
| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url |
| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal |
subpaths
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) |
#select
| tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
| tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |