add tests

javascript/ql/test/query-tests/Security/CWE-079/Xss.expected

@@ -347,6 +347,14 @@ nodes
 | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:355:12:355:17 | target |
 | tst.js:355:12:355:17 | target |
+| tst.js:361:10:361:42 | target |
+| tst.js:361:19:361:35 | document.location |
+| tst.js:361:19:361:35 | document.location |
+| tst.js:361:19:361:42 | documen ... .search |
+| tst.js:362:16:362:21 | target |
+| tst.js:362:16:362:21 | target |
+| tst.js:366:21:366:26 | target |
+| tst.js:366:21:366:26 | target |
 | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:38 | document.location |
 | typeahead.js:20:22:20:38 | document.location |
@@ -670,6 +678,13 @@ edges
 | tst.js:354:16:354:32 | document.location | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:354:16:354:32 | document.location | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:354:16:354:39 | documen ... .search | tst.js:354:7:354:39 | target |
+| tst.js:361:10:361:42 | target | tst.js:362:16:362:21 | target |
+| tst.js:361:10:361:42 | target | tst.js:362:16:362:21 | target |
+| tst.js:361:10:361:42 | target | tst.js:366:21:366:26 | target |
+| tst.js:361:10:361:42 | target | tst.js:366:21:366:26 | target |
+| tst.js:361:19:361:35 | document.location | tst.js:361:19:361:42 | documen ... .search |
+| tst.js:361:19:361:35 | document.location | tst.js:361:19:361:42 | documen ... .search |
+| tst.js:361:19:361:42 | documen ... .search | tst.js:361:10:361:42 | target |
 | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
 | typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
@@ -772,6 +787,8 @@ edges
 | tst.js:336:18:336:35 | params.get('name') | tst.js:330:18:330:34 | document.location | tst.js:336:18:336:35 | params.get('name') | Cross-site scripting vulnerability due to $@. | tst.js:330:18:330:34 | document.location | user-provided value |
 | tst.js:349:5:349:30 | getUrl( ... ring(1) | tst.js:347:20:347:36 | document.location | tst.js:349:5:349:30 | getUrl( ... ring(1) | Cross-site scripting vulnerability due to $@. | tst.js:347:20:347:36 | document.location | user-provided value |
 | tst.js:355:12:355:17 | target | tst.js:354:16:354:32 | document.location | tst.js:355:12:355:17 | target | Cross-site scripting vulnerability due to $@. | tst.js:354:16:354:32 | document.location | user-provided value |
+| tst.js:362:16:362:21 | target | tst.js:361:19:361:35 | document.location | tst.js:362:16:362:21 | target | Cross-site scripting vulnerability due to $@. | tst.js:361:19:361:35 | document.location | user-provided value |
+| tst.js:366:21:366:26 | target | tst.js:361:19:361:35 | document.location | tst.js:366:21:366:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:361:19:361:35 | document.location | user-provided value |
 | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:38 | document.location | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:38 | document.location | user-provided value |
 | v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
 | winjs.js:3:43:3:49 | tainted | winjs.js:2:17:2:33 | document.location | winjs.js:3:43:3:49 | tainted | Cross-site scripting vulnerability due to $@. | winjs.js:2:17:2:33 | document.location | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/XssWithAdditionalSources.expected

@@ -347,6 +347,14 @@ nodes
 | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:355:12:355:17 | target |
 | tst.js:355:12:355:17 | target |
+| tst.js:361:10:361:42 | target |
+| tst.js:361:19:361:35 | document.location |
+| tst.js:361:19:361:35 | document.location |
+| tst.js:361:19:361:42 | documen ... .search |
+| tst.js:362:16:362:21 | target |
+| tst.js:362:16:362:21 | target |
+| tst.js:366:21:366:26 | target |
+| tst.js:366:21:366:26 | target |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:10:16:10:18 | loc |
@@ -674,6 +682,13 @@ edges
 | tst.js:354:16:354:32 | document.location | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:354:16:354:32 | document.location | tst.js:354:16:354:39 | documen ... .search |
 | tst.js:354:16:354:39 | documen ... .search | tst.js:354:7:354:39 | target |
+| tst.js:361:10:361:42 | target | tst.js:362:16:362:21 | target |
+| tst.js:361:10:361:42 | target | tst.js:362:16:362:21 | target |
+| tst.js:361:10:361:42 | target | tst.js:366:21:366:26 | target |
+| tst.js:361:10:361:42 | target | tst.js:366:21:366:26 | target |
+| tst.js:361:19:361:35 | document.location | tst.js:361:19:361:42 | documen ... .search |
+| tst.js:361:19:361:35 | document.location | tst.js:361:19:361:42 | documen ... .search |
+| tst.js:361:19:361:42 | documen ... .search | tst.js:361:10:361:42 | target |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |

javascript/ql/test/query-tests/Security/CWE-079/tst.js

@@ -355,3 +355,18 @@ function growl() {
   $.jGrowl(target); // NOT OK
 }
 
+function thisNodes() {
+	var pluginName = "myFancyJQueryPlugin";
+	var myPlugin = function () {
+	    var target = document.location.search
+	    this.html(target); // NOT OK. (this is a jQuery object)
+		this.innerHTML = target // OK. (this is a jQuery object)
+	
+		this.each(function () {
+			this.innerHTML = target; // NOT OK. (this is a DOM-node);
+			this.html(target); // OK. (this is a DOM-node);
+		});
+	}
+	$.fn[pluginName] = myPlugin; 
+
+}