Updated expected test result files using HEAD version of codeql

2026-04-26 01:05:15 +02:00 · 2025-01-24 15:46:09 +00:00
parent c9a775d737
commit d248551e88
7 changed files with 41 additions and 60 deletions
--- a/javascript/ql/src/Security/CWE-079/ExceptionXss.expected
+++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.expected
@@ -1,8 +1,6 @@
 nodes
-| examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() |
-| examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() |
-| examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() |
+| examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() |
 edges
-| examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() |
+subpaths
 #select
 | examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | examples/ExceptionXssAjv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error |
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.expected
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.expected
@@ -1,12 +1,8 @@
-nodes
-| examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
-| examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id |
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id |
 edges
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
-| examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id |
+| examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id | provenance |  |
+nodes
+| examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
+| examples/ReflectedXss.js:6:33:6:45 | req.params.id | semmle.label | req.params.id |
+subpaths
 #select
 | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id | examples/ReflectedXss.js:6:33:6:45 | req.params.id | examples/ReflectedXss.js:6:14:6:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | examples/ReflectedXss.js:6:33:6:45 | req.params.id | user-provided value |
--- a/javascript/ql/src/Security/CWE-079/StoredXss.expected
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.expected
@@ -1,30 +1,21 @@
-nodes
-| examples/StoredXss.js:5:44:5:52 | fileNames |
-| examples/StoredXss.js:5:44:5:52 | fileNames |
-| examples/StoredXss.js:7:9:7:17 | fileNames |
-| examples/StoredXss.js:7:27:7:34 | fileName |
-| examples/StoredXss.js:9:13:9:16 | list |
-| examples/StoredXss.js:9:13:9:47 | list |
-| examples/StoredXss.js:9:21:9:47 | '<li>'  ... '</li>' |
-| examples/StoredXss.js:9:30:9:37 | fileName |
-| examples/StoredXss.js:11:9:11:12 | list |
-| examples/StoredXss.js:11:9:11:23 | list |
-| examples/StoredXss.js:12:18:12:21 | list |
-| examples/StoredXss.js:12:18:12:21 | list |
 edges
-| examples/StoredXss.js:5:44:5:52 | fileNames | examples/StoredXss.js:7:9:7:17 | fileNames |
-| examples/StoredXss.js:5:44:5:52 | fileNames | examples/StoredXss.js:7:9:7:17 | fileNames |
-| examples/StoredXss.js:7:9:7:17 | fileNames | examples/StoredXss.js:7:27:7:34 | fileName |
-| examples/StoredXss.js:7:27:7:34 | fileName | examples/StoredXss.js:9:30:9:37 | fileName |
-| examples/StoredXss.js:9:13:9:16 | list | examples/StoredXss.js:9:13:9:47 | list |
-| examples/StoredXss.js:9:13:9:47 | list | examples/StoredXss.js:9:13:9:16 | list |
-| examples/StoredXss.js:9:13:9:47 | list | examples/StoredXss.js:11:9:11:12 | list |
-| examples/StoredXss.js:9:21:9:47 | '<li>'  ... '</li>' | examples/StoredXss.js:9:13:9:47 | list |
-| examples/StoredXss.js:9:30:9:37 | fileName | examples/StoredXss.js:9:21:9:47 | '<li>'  ... '</li>' |
-| examples/StoredXss.js:11:9:11:12 | list | examples/StoredXss.js:11:9:11:23 | list |
-| examples/StoredXss.js:11:9:11:23 | list | examples/StoredXss.js:9:13:9:16 | list |
-| examples/StoredXss.js:11:9:11:23 | list | examples/StoredXss.js:11:9:11:12 | list |
-| examples/StoredXss.js:11:9:11:23 | list | examples/StoredXss.js:12:18:12:21 | list |
-| examples/StoredXss.js:11:9:11:23 | list | examples/StoredXss.js:12:18:12:21 | list |
+| examples/StoredXss.js:5:44:5:52 | fileNames | examples/StoredXss.js:7:9:7:17 | fileNames | provenance |  |
+| examples/StoredXss.js:7:9:7:17 | fileNames | examples/StoredXss.js:7:27:7:34 | fileName | provenance |  |
+| examples/StoredXss.js:7:9:7:17 | fileNames | examples/StoredXss.js:11:9:11:12 | list | provenance |  |
+| examples/StoredXss.js:7:27:7:34 | fileName | examples/StoredXss.js:9:30:9:37 | fileName | provenance |  |
+| examples/StoredXss.js:9:30:9:37 | fileName | examples/StoredXss.js:9:13:9:47 | list | provenance |  |
+| examples/StoredXss.js:11:9:11:12 | list | examples/StoredXss.js:11:9:11:23 | list | provenance |  |
+| examples/StoredXss.js:11:9:11:23 | list | examples/StoredXss.js:12:18:12:21 | list | provenance |  |
+nodes
+| examples/StoredXss.js:5:44:5:52 | fileNames | semmle.label | fileNames |
+| examples/StoredXss.js:7:9:7:17 | fileNames | semmle.label | fileNames |
+| examples/StoredXss.js:7:27:7:34 | fileName | semmle.label | fileName |
+| examples/StoredXss.js:9:13:9:47 | list | semmle.label | list |
+| examples/StoredXss.js:9:30:9:37 | fileName | semmle.label | fileName |
+| examples/StoredXss.js:11:9:11:12 | list | semmle.label | list |
+| examples/StoredXss.js:11:9:11:23 | list | semmle.label | list |
+| examples/StoredXss.js:12:18:12:21 | list | semmle.label | list |
+subpaths
+| examples/StoredXss.js:7:9:7:17 | fileNames | examples/StoredXss.js:7:27:7:34 | fileName | examples/StoredXss.js:9:13:9:47 | list | examples/StoredXss.js:11:9:11:12 | list |
 #select
 | examples/StoredXss.js:12:18:12:21 | list | examples/StoredXss.js:5:44:5:52 | fileNames | examples/StoredXss.js:12:18:12:21 | list | Stored cross-site scripting vulnerability due to $@. | examples/StoredXss.js:5:44:5:52 | fileNames | stored value |
--- a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.expected
+++ b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.expected
@@ -1,3 +1,4 @@
 nodes
 edges
+subpaths
 #select
--- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.expected
+++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.expected
@@ -1,13 +1,10 @@
-nodes
-| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options |
-| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options |
-| examples/UnsafeJQueryPlugin.js:3:22:3:28 | options |
-| examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector |
-| examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector |
 edges
-| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options | examples/UnsafeJQueryPlugin.js:3:22:3:28 | options |
-| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options | examples/UnsafeJQueryPlugin.js:3:22:3:28 | options |
-| examples/UnsafeJQueryPlugin.js:3:22:3:28 | options | examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector |
-| examples/UnsafeJQueryPlugin.js:3:22:3:28 | options | examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector |
+| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options | examples/UnsafeJQueryPlugin.js:3:22:3:28 | options | provenance |  |
+| examples/UnsafeJQueryPlugin.js:3:22:3:28 | options | examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector | provenance |  |
+nodes
+| examples/UnsafeJQueryPlugin.js:1:31:1:37 | options | semmle.label | options |
+| examples/UnsafeJQueryPlugin.js:3:22:3:28 | options | semmle.label | options |
+| examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector | semmle.label | options ... elector |
+subpaths
 #select
 | examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector | examples/UnsafeJQueryPlugin.js:1:31:1:37 | options | examples/UnsafeJQueryPlugin.js:3:22:3:43 | options ... elector | Potential XSS vulnerability in the $@. | examples/UnsafeJQueryPlugin.js:1:22:6:1 | functio ... ext);\\n} | '$.fn.copyText' plugin |
--- a/javascript/ql/src/Security/CWE-079/Xss.expected
+++ b/javascript/ql/src/Security/CWE-079/Xss.expected
@@ -1,3 +1,4 @@
 nodes
 edges
+subpaths
 #select
--- a/javascript/ql/src/Security/CWE-079/XssThroughDom.expected
+++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.expected
@@ -1,13 +1,10 @@
-nodes
-| examples/XssThroughDom.js:2:9:2:44 | target |
-| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") |
-| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") |
-| examples/XssThroughDom.js:3:7:3:12 | target |
-| examples/XssThroughDom.js:3:7:3:12 | target |
 edges
-| examples/XssThroughDom.js:2:9:2:44 | target | examples/XssThroughDom.js:3:7:3:12 | target |
-| examples/XssThroughDom.js:2:9:2:44 | target | examples/XssThroughDom.js:3:7:3:12 | target |
-| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | examples/XssThroughDom.js:2:9:2:44 | target |
-| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | examples/XssThroughDom.js:2:9:2:44 | target |
+| examples/XssThroughDom.js:2:9:2:44 | target | examples/XssThroughDom.js:3:7:3:12 | target | provenance |  |
+| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | examples/XssThroughDom.js:2:9:2:44 | target | provenance |  |
+nodes
+| examples/XssThroughDom.js:2:9:2:44 | target | semmle.label | target |
+| examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | semmle.label | $(this) ... arget") |
+| examples/XssThroughDom.js:3:7:3:12 | target | semmle.label | target |
+subpaths
 #select
 | examples/XssThroughDom.js:3:7:3:12 | target | examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | examples/XssThroughDom.js:3:7:3:12 | target | $@ is reinterpreted as HTML without escaping meta-characters. | examples/XssThroughDom.js:2:18:2:44 | $(this) ... arget") | DOM text |