separate message for double and single quotes

Erik Krogh Kristensen
2021-02-01 23:54:12 +01:00
parent 3f1e81533c
commit ca435763b0
3 changed files with 65 additions and 48 deletions


@@ -1,50 +1,65 @@
| tst.js:206:2:206:24 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize ampersands |
| tst.js:206:2:206:24 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:207:2:207:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:206:2:206:24 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:206:2:206:24 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:207:2:207:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:207:2:207:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:208:2:208:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:208:2:208:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:208:2:208:26 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:209:2:209:40 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:209:2:209:40 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:210:2:210:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:211:2:211:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:212:2:212:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:209:2:209:40 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:209:2:209:40 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:210:2:210:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:210:2:210:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:211:2:211:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:211:2:211:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:212:2:212:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:212:2:212:58 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:215:6:215:24 | s.replace(/>/g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:215:6:215:24 | s.replace(/>/g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:216:2:216:93 | s().rep ... "') | This HTML sanitizer does not sanitize quotes |
| tst.js:217:2:217:93 | s().rep ... '') | This HTML sanitizer does not sanitize quotes |
| tst.js:223:2:223:107 | s().rep ... &') | This HTML sanitizer does not sanitize quotes |
| tst.js:215:6:215:24 | s.replace(/>/g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:215:6:215:24 | s.replace(/>/g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:216:2:216:93 | s().rep ... "') | This HTML sanitizer does not sanitize single quotes |
| tst.js:217:2:217:93 | s().rep ... '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:223:2:223:107 | s().rep ... &') | This HTML sanitizer does not sanitize single quotes |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize ampersands |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:244:9:244:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:244:9:244:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:244:9:244:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:245:9:245:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:245:9:245:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:246:9:246:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:251:9:251:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:245:9:245:33 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:246:9:246:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:251:9:251:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:253:21:253:45 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:253:21:253:45 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:253:21:253:45 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:254:32:254:56 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:254:32:254:56 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:254:32:254:56 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:255:26:255:50 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:255:26:255:50 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:255:26:255:50 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:256:15:256:39 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:256:15:256:39 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:261:10:261:81 | value.r ... '>') | This HTML sanitizer does not sanitize quotes |
| tst.js:256:15:256:39 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:261:10:261:81 | value.r ... '>') | This HTML sanitizer does not sanitize double quotes |
| tst.js:261:10:261:81 | value.r ... '>') | This HTML sanitizer does not sanitize single quotes |
| tst.js:270:61:270:85 | s().rep ... /g, '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:270:61:270:85 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:270:61:270:85 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:272:28:272:50 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize ampersands |
| tst.js:272:28:272:50 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:272:28:272:50 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:272:28:272:50 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:274:12:274:94 | s().val ... g , '') | This HTML sanitizer does not sanitize ampersands |
| tst.js:274:12:274:94 | s().val ... g , '') | This HTML sanitizer does not sanitize quotes |
| tst.js:274:12:274:94 | s().val ... g , '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:274:12:274:94 | s().val ... g , '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:277:9:277:29 | arr2.re ... "/g,"") | This HTML sanitizer does not sanitize ampersands |
| tst.js:277:9:277:29 | arr2.re ... "/g,"") | This HTML sanitizer does not sanitize quotes |
| tst.js:284:6:284:30 | x.repla ... quot;') | This HTML sanitizer does not sanitize quotes |
| tst.js:294:7:294:31 | y.repla ... quot;') | This HTML sanitizer does not sanitize quotes |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:277:9:277:29 | arr2.re ... "/g,"") | This HTML sanitizer does not sanitize single quotes |
| tst.js:284:6:284:30 | x.repla ... quot;') | This HTML sanitizer does not sanitize single quotes |
| tst.js:294:7:294:31 | y.repla ... quot;') | This HTML sanitizer does not sanitize single quotes |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize ampersands |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:303:10:303:34 | s().rep ... /g, '') | This HTML sanitizer does not sanitize quotes |
| tst.js:304:9:304:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:305:10:305:34 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize quotes |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:303:10:303:34 | s().rep ... /g, '') | This HTML sanitizer does not sanitize double quotes |
| tst.js:303:10:303:34 | s().rep ... /g, '') | This HTML sanitizer does not sanitize single quotes |
| tst.js:304:9:304:33 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize single quotes |
| tst.js:305:10:305:34 | s().rep ... ]/g,'') | This HTML sanitizer does not sanitize double quotes |


@@ -56,15 +56,15 @@ edges
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') |
#select
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:249:9:249:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:250:9:250:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or quotes when it reaches this attribute definition. | tst.js:253:21:253:45 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or quotes when it reaches this attribute definition. | tst.js:254:32:254:56 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or quotes when it reaches this attribute definition. | tst.js:270:61:270:85 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:275:9:275:21 | arr.join(" ") | tst.js:274:12:274:94 | s().val ... g , '') | tst.js:275:9:275:21 | arr.join(" ") | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:274:12:274:94 | s().val ... g , '') | this final HTML sanitizer step |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:300:10:300:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:301:10:301:32 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:302:10:302:34 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain quotes when it reaches this attribute definition. | tst.js:303:10:303:34 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:249:9:249:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:250:9:250:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:253:21:253:45 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:254:32:254:56 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:270:61:270:85 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:275:9:275:21 | arr.join(" ") | tst.js:274:12:274:94 | s().val ... g , '') | tst.js:275:9:275:21 | arr.join(" ") | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:274:12:274:94 | s().val ... g , '') | this final HTML sanitizer step |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:300:10:300:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:301:10:301:32 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:302:10:302:34 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:303:10:303:34 | s().rep ... /g, '') | this final HTML sanitizer step |
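Review bot: The new alert text on the `#select` rows for tst.js:253, 254 and 270 says the value "may contain ampersands or double quotes", yet the sanitizer listing in the first file section reports those same three locations only for ampersands and single quotes, which suggests double quotes are already removed there. If that reading is right, the message names every character that is dangerous at the attribute rather than the ones the flagged step actually lets through, so it can send a developer after a character that is already handled. Consider restricting the message to characters that are both dangerous for the attribute and not handled by the sanitizer, so these rows would read `may contain ampersands when it reaches this attribute definition`. The query that builds the message is not visible on this page, and this hunk starts at line 56 of the expected-output file, so earlier rows are outside the view.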