JS: add newline removal tests for js/incomplete-sanitization

2026-05-01 11:45:14 +02:00 · 2019-04-23 08:37:39 +02:00
parent a61ca489f1
commit bdbd00e046
2 changed files with 12 additions and 1 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteSanitization.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteSanitization.expected
@@ -25,4 +25,7 @@
 | tst.js:140:2:140:27 | s.repla ... replace | This replaces only the first occurrence of /}/. |
 | tst.js:141:2:141:10 | s.replace | This replaces only the first occurrence of ']'. |
 | tst.js:141:2:141:27 | s.repla ... replace | This replaces only the first occurrence of '['. |
-| tst.js:185:9:185:17 | s.replace | This replaces only the first occurrence of /'/. |
+| tst.js:146:2:146:68 | require ... replace | This replaces only the first occurrence of "\\n". |
+| tst.js:148:2:148:10 | x.replace | This replaces only the first occurrence of "\\n". |
+| tst.js:149:2:149:24 | x.repla ... replace | This replaces only the first occurrence of "\\n". |
+| tst.js:193:9:193:17 | s.replace | This replaces only the first occurrence of /'/. |
--- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -141,6 +141,14 @@ function good12(s) {
 	s.replace(']', '').replace('[', ''); // probably OK, but still flagged
 }

+function newlines(s) {
+	// motivation for whitelist
+	require("child_process").execSync("which emacs").toString().replace("\n", ""); // OK
+
+	x.replace("\n", "").replace(x, y); // NOT OK
+	x.replace(x, y).replace("\n", ""); // NOT OK
+}
+
 app.get('/some/path', function(req, res) {
  let untrusted = req.param("p");