hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

update comment position to match alert location for CWE-776

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-07-08 10:10:02 +02:00
parent 2235634347
commit bcffc97de7
4 changed files with 18 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected
View File

@@ -15,9 +15,9 @@ nodes
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| domparser.js:14:57:14:59 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:6:16:6:36 | req.par ... e-xml") |
| expat.js:6:16:6:36 | req.par ... e-xml") |
| expat.js:6:16:6:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src |
| jquery.js:2:13:2:29 | document.location |
| jquery.js:2:13:2:29 | document.location |
@@ -30,12 +30,12 @@ nodes
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
edges
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src |
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src |
@@ -51,7 +51,7 @@ edges
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") | expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src |
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src |
| jquery.js:2:13:2:29 | document.location | jquery.js:2:13:2:36 | documen ... .search |
@@ -59,16 +59,16 @@ edges
| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src |
| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
#select
| closure.js:4:24:4:26 | src | closure.js:2:13:2:29 | document.location | closure.js:4:24:4:26 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | closure.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:6:37:6:39 | src | domparser.js:2:13:2:29 | document.location | domparser.js:6:37:6:39 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:29 | document.location | domparser.js:11:55:11:57 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:29 | document.location | domparser.js:14:57:14:59 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| expat.js:7:16:7:36 | req.par ... e-xml") | expat.js:7:16:7:36 | req.par ... e-xml") | expat.js:7:16:7:36 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | expat.js:7:16:7:36 | req.par ... e-xml") | user-provided value |
| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | expat.js:6:16:6:36 | req.par ... e-xml") | user-provided value |
| jquery.js:5:14:5:16 | src | jquery.js:2:13:2:29 | document.location | jquery.js:5:14:5:16 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | jquery.js:2:13:2:29 | document.location | user-provided value |
| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.sax.js:7:22:7:42 | req.par ... e-xml") | user-provided value |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | user-provided value |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |

3
javascript/ql/test/query-tests/Security/CWE-776/expat.js
View File

@@ -2,7 +2,6 @@ const express = require('express');
const expat = require('node-expat');
express().get('/some/path', function(req) {
// NOT OK: expat expands internal entities by default
var parser = new expat.Parser();
parser.write(req.param("some-xml"));
parser.write(req.param("some-xml")); // NOT OK: expat expands internal entities by default
});

3
javascript/ql/test/query-tests/Security/CWE-776/libxml.sax.js
View File

@@ -2,7 +2,6 @@ const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
// NOT OK: the SAX parser expands external entities by default
const parser = new libxmljs.SaxParser();
parser.parseString(req.param("some-xml"));
parser.parseString(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
});

3
javascript/ql/test/query-tests/Security/CWE-776/libxml.saxpush.js
View File

@@ -2,7 +2,6 @@ const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function(req) {
// NOT OK: the SAX parser expands external entities by default
const parser = new libxmljs.SaxPushParser();
parser.push(req.param("some-xml"));
parser.push(req.param("some-xml")); // NOT OK: the SAX parser expands external entities by default
});