JavaScript: Update expected output.

This commit is contained in:
Max Schaefer
2019-10-21 12:26:47 +01:00
parent 278ea90049
commit dc1d1c2f22
25 changed files with 325 additions and 695 deletions


@@ -1,5 +1,7 @@
nodes
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
@@ -12,6 +14,8 @@ nodes
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
edges
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |


@@ -19,11 +19,13 @@ nodes
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
@@ -31,6 +33,7 @@ nodes
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:50:15:50:17 | cmd |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
@@ -70,6 +73,7 @@ nodes
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
@@ -91,13 +95,16 @@ edges
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
@@ -131,6 +138,7 @@ edges
| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select
| child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |
| child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command depends on $@. | child_process-test.js:6:25:6:31 | req.url | a user-provided value |


@@ -5,21 +5,25 @@ nodes
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
@@ -55,20 +59,25 @@ nodes
| command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
edges
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args |
@@ -100,6 +109,7 @@ edges
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
#select
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument |


@@ -5,21 +5,25 @@ nodes
| child_process-test.js:38:12:38:20 | '/bin/sh' |
| child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args |
| child_process-test.js:41:16:41:17 | [] |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:44:30:44:33 | args |
| child_process-test.js:46:9:46:12 | "sh" |
| child_process-test.js:46:15:46:18 | args |
| child_process-test.js:48:9:48:17 | args |
| child_process-test.js:48:16:48:17 | [] |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:51:35:51:38 | args |
| child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:55:19:55:22 | args |
| child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname |
@@ -28,15 +32,19 @@ edges
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
| tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:5:14:5:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:5:36:5:44 | __dirname | tst_shell-command-injection-from-environment.js:5:26:5:53 | path.jo ... "temp") |
#select


@@ -32,7 +32,6 @@ nodes
| promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
@@ -87,7 +86,6 @@ edges
| partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value |
| partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value |
| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
| tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value |
| tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value |
| tst2.js:18:12:18:12 | p | tst2.js:14:9:14:9 | p | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:14:9:14:9 | p | user-provided value |


@@ -30,6 +30,7 @@ nodes
| stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location |
@@ -185,12 +186,17 @@ nodes
| tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted |
| tst.js:256:7:256:17 | window.name |
| tst.js:256:7:256:17 | window.name |
| tst.js:257:7:257:10 | name |
| tst.js:257:7:257:10 | name |
| tst.js:261:11:261:21 | window.name |
| tst.js:261:11:261:21 | window.name |
| tst.js:277:22:277:29 | location |
| tst.js:277:22:277:29 | location |
| tst.js:282:9:282:29 | tainted |
| tst.js:282:19:282:29 | window.name |
| tst.js:285:59:285:65 | tainted |
| tst.js:285:59:285:65 | tainted |
| v-html.vue:2:8:2:23 | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location |
| winjs.js:2:7:2:53 | tainted |
@@ -222,6 +228,7 @@ edges
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
@@ -342,8 +349,13 @@ edges
| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name |
| tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name |
| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name |
| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location |
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
| tst.js:282:19:282:29 | window.name | tst.js:285:59:285:65 | tainted |
| tst.js:285:59:285:65 | tainted | tst.js:285:59:285:65 | tainted |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |


@@ -1,25 +1,65 @@
nodes
| tst.js:5:15:5:30 | req.query.format |
| tst.js:5:15:5:30 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
edges
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format |
| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format |
| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format |
| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format |
| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format |
| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format |
| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format |
| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format |
| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format |
| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format |
| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format |
| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format |
| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format |
| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format |
| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format |
| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format |
| tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format |
| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format |
#select
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | $@ flows here and is used in a format string. | tst.js:5:15:5:30 | req.query.format | User-provided value |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | $@ flows here and is used in a format string. | tst.js:6:26:6:41 | req.query.format | User-provided value |


@@ -1,17 +1,23 @@
nodes
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar.js:1:27:1:34 | userName |
edges
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName |
#select
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | here |
| PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | Sensitive data returned from $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | here |


@@ -1,12 +1,17 @@
nodes
| passwords.js:2:17:2:24 | password |
| passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x |
| passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password |
| passwords.js:16:17:16:38 | `${name ... sword}` |
@@ -54,17 +59,28 @@ nodes
| passwords.js:136:17:136:24 | config.x |
| passwords.js:137:17:137:24 | config.y |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password |
| passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:8:17:8:17 | x |
edges
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x |
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 |
@@ -91,10 +107,16 @@ edges
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:9:132:5 | config |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
#select


@@ -7,12 +7,20 @@ nodes
| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
| CleartextStorage.js:7:26:7:27 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
edges
| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw |
@@ -20,6 +28,14 @@ edges
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password | tst-angularjs.js:6:33:6:46 | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password | tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password | tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password | tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password | tst-webstorage.js:4:29:4:41 | data.password |
#select
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | Sensitive data returned by $@ is stored here. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password |
| CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | Sensitive data returned by $@ is stored here. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |


@@ -2,11 +2,17 @@ nodes
| tst.js:3:5:3:24 | secretText |
| tst.js:3:18:3:24 | trusted |
| tst.js:11:17:11:26 | secretText |
| tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:19:17:19:24 | password |
| tst.js:19:17:19:24 | password |
edges
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted |
| tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password |
#select
| tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | tst.js:3:18:3:24 | trusted | an access to trusted |
| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | tst.js:11:17:11:26 | secretText | an access to secretText |


@@ -1,8 +1,10 @@
nodes
| tst.js:2:20:2:32 | Math.random() |
| tst.js:2:20:2:32 | Math.random() |
| tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix |
| tst.js:19:18:19:30 | Math.random() |
| tst.js:19:18:19:36 | Math.random() % 255 |
@@ -14,7 +16,10 @@ nodes
| tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() |
@@ -32,10 +37,15 @@ nodes
| tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
edges
| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix |
@@ -43,6 +53,9 @@ edges
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand |
@@ -54,6 +67,9 @@ edges
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() |
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() |
#select
| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | Cryptographically insecure $@ in a security context. | tst.js:2:20:2:32 | Math.random() | random value |
| tst.js:6:20:6:43 | "prefix ... andom() | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | Cryptographically insecure $@ in a security context. | tst.js:6:31:6:43 | Math.random() | random value |
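Review bot: The added `edges` rows pair a node with itself, e.g. `| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() |`, and the same node now appears twice under `nodes`, so every result whose source expression is also the sink gets a zero-length self-loop path. A self-edge and a duplicated node row add nothing to the path explanation and, judging from the shape of the rows, look like the path-graph predicate emitting one row per role (source and sink) rather than one per location; whether that is intended by the library change this commit tracks cannot be told from the expected output alone. If it is intended, a one-line note next to these tests saying `# source and sink coincide, so a self-edge is expected` would stop the next maintainer from "fixing" it; if it is not, the path-graph nodes should be deduplicated so each location appears once and no `x -> x` edge is emitted. Either way the change belongs in the path-graph library, not in this generated `.expected` file.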


@@ -6,6 +6,8 @@ nodes
| tst.js:12:28:12:34 | req.url |
| tst.js:13:50:13:55 | origin |
| tst.js:18:50:18:53 | null |
| tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" |
| tst.js:23:50:23:55 | "null" |
edges
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin |
@@ -13,6 +15,8 @@ edges
| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin |
| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" |
#select
| tst.js:13:50:13:55 | origin | tst.js:12:28:12:34 | req.url | tst.js:13:50:13:55 | origin | $@ leak vulnerability due to $@. | tst.js:14:5:14:59 | res.set ... , true) | Credential | tst.js:12:28:12:34 | req.url | a misconfigured CORS header value |
| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | $@ leak vulnerability due to $@. | tst.js:19:5:19:59 | res.set ... , true) | Credential | tst.js:18:50:18:53 | null | a misconfigured CORS header value |


@@ -4,6 +4,7 @@ nodes
| angularmerge.js:2:32:2:36 | event |
| angularmerge.js:2:32:2:41 | event.data |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value |
@@ -13,6 +14,7 @@ edges
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event |
| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data |
| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) |
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo |
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } |
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |


@@ -1,9 +1,17 @@
nodes
| tst.js:7:22:7:36 | req.params.data |
| tst.js:7:22:7:36 | req.params.data |
| tst.js:8:25:8:39 | req.params.data |
| tst.js:8:25:8:39 | req.params.data |
| tst.js:12:26:12:40 | req.params.data |
| tst.js:12:26:12:40 | req.params.data |
| tst.js:13:29:13:43 | req.params.data |
| tst.js:13:29:13:43 | req.params.data |
edges
| tst.js:7:22:7:36 | req.params.data | tst.js:7:22:7:36 | req.params.data |
| tst.js:8:25:8:39 | req.params.data | tst.js:8:25:8:39 | req.params.data |
| tst.js:12:26:12:40 | req.params.data | tst.js:12:26:12:40 | req.params.data |
| tst.js:13:29:13:43 | req.params.data | tst.js:13:29:13:43 | req.params.data |
#select
| tst.js:7:22:7:36 | req.params.data | tst.js:7:22:7:36 | req.params.data | tst.js:7:22:7:36 | req.params.data | Unsafe deserialization of $@. | tst.js:7:22:7:36 | req.params.data | user input |
| tst.js:8:25:8:39 | req.params.data | tst.js:8:25:8:39 | req.params.data | tst.js:8:25:8:39 | req.params.data | Unsafe deserialization of $@. | tst.js:8:25:8:39 | req.params.data | user input |


@@ -2,7 +2,6 @@ nodes
| tst2.js:2:7:2:33 | href |
| tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href |
@@ -19,7 +18,6 @@ nodes
| tst7.js:5:27:5:43 | document.location |
| tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst10.js:5:17:5:46 | '/' + d ... .search |
@@ -46,12 +44,12 @@ edges
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:4:21:4:24 | href | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect |
@@ -59,9 +57,8 @@ edges
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:37 | document.location |
| tst10.js:5:23:5:39 | document.location | tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:8:24:8:40 | document.location | tst10.js:8:24:8:47 | documen ... .search |


@@ -1,5 +1,7 @@
nodes
| express.js:7:16:7:34 | req.param("target") |
| express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target |
| express.js:27:16:27:34 | req.param("target") |
@@ -53,6 +55,8 @@ nodes
| react-native.js:8:17:8:23 | tainted |
| react-native.js:9:26:9:32 | tainted |
edges
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target |


@@ -5,13 +5,19 @@ nodes
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
edges
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
#select
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:29 | document.location | domparser.js:11:55:11:57 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:29 | document.location | domparser.js:14:57:14:59 | src | A $@ is parsed as XML without guarding against external entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |


@@ -14,7 +14,6 @@ nodes
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:40:19:40:23 | input |


@@ -5,7 +5,6 @@ nodes
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
@@ -14,7 +13,6 @@ nodes
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| tst.js:6:39:6:40 | ev |
| tst.js:7:9:7:39 | name |
| tst.js:7:16:7:34 | JSON.parse(ev.data) |
@@ -22,11 +20,9 @@ nodes
| tst.js:7:27:7:28 | ev |
| tst.js:7:27:7:33 | ev.data |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:10 | ev |
| tst.js:9:9:9:15 | ev.data |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name |
| tst.js:17:9:17:22 | fn |
| tst.js:17:9:17:22 | fn |
@@ -34,14 +30,11 @@ nodes
| tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name |
| tst.js:18:5:18:6 | fn |
| tst.js:18:5:18:6 | fn |
| tst.js:20:7:20:8 | fn |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name |
| tst.js:22:11:22:12 | fn |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name |
| tst.js:28:7:28:15 | obj[name] |
| tst.js:28:11:28:14 | name |
@@ -49,7 +42,6 @@ nodes
| tst.js:34:15:34:24 | "$" + name |
| tst.js:34:21:34:24 | name |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key |
| tst.js:37:7:37:14 | obj[key] |
| tst.js:37:11:37:13 | key |
@@ -71,7 +63,6 @@ edges
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
@@ -92,8 +83,6 @@ edges
| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) |
| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
@@ -104,8 +93,6 @@ edges
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] |
| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key |
@@ -113,7 +100,6 @@ edges
| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key |
| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev |
| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name |
@@ -126,23 +112,15 @@ edges
| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] |
#select
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | user-controlled |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | user-controlled |
| tst.js:9:5:9:16 | obj[ev.data] | tst.js:6:39:6:40 | ev | tst.js:9:5:9:16 | obj[ev.data] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:9:5:9:16 | obj[ev.data] | tst.js:6:39:6:40 | ev | tst.js:9:5:9:16 | obj[ev.data] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:11:5:11:13 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:11:5:11:13 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:11:5:11:13 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:11:5:11:13 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:18:5:18:6 | fn | tst.js:6:39:6:40 | ev | tst.js:18:5:18:6 | fn | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:18:5:18:6 | fn | tst.js:6:39:6:40 | ev | tst.js:18:5:18:6 | fn | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:20:7:20:8 | fn | tst.js:6:39:6:40 | ev | tst.js:20:7:20:8 | fn | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:21:7:21:15 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:21:7:21:15 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:21:7:21:15 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:21:7:21:15 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:22:11:22:12 | fn | tst.js:6:39:6:40 | ev | tst.js:22:11:22:12 | fn | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:26:7:26:15 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:26:7:26:15 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:26:7:26:15 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:26:7:26:15 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:28:7:28:15 | obj[name] | tst.js:6:39:6:40 | ev | tst.js:28:7:28:15 | obj[name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:35:5:35:12 | obj[key] | tst.js:6:39:6:40 | ev | tst.js:35:5:35:12 | obj[key] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:35:5:35:12 | obj[key] | tst.js:6:39:6:40 | ev | tst.js:35:5:35:12 | obj[key] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:37:7:37:14 | obj[key] | tst.js:6:39:6:40 | ev | tst.js:37:7:37:14 | obj[key] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:6:39:6:40 | ev | user-controlled |
| tst.js:50:5:50:6 | fn | tst.js:47:39:47:40 | ev | tst.js:50:5:50:6 | fn | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | tst.js:47:39:47:40 | ev | user-controlled |


@@ -10,13 +10,18 @@ nodes
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| expat.js:7:16:7:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src |
| jquery.js:2:13:2:29 | document.location |
| jquery.js:2:13:2:36 | documen ... .search |
| jquery.js:5:14:5:16 | src |
| libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
edges
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src |
@@ -27,9 +32,14 @@ edges
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:29 | document.location | domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| expat.js:7:16:7:36 | req.par ... e-xml") | expat.js:7:16:7:36 | req.par ... e-xml") |
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src |
| jquery.js:2:13:2:29 | document.location | jquery.js:2:13:2:36 | documen ... .search |
| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src |
| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.sax.js:7:22:7:42 | req.par ... e-xml") | libxml.sax.js:7:22:7:42 | req.par ... e-xml") |
| libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") | libxml.saxpush.js:7:15:7:35 | req.par ... e-xml") |
#select
| closure.js:4:24:4:26 | src | closure.js:2:13:2:29 | document.location | closure.js:4:24:4:26 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | closure.js:2:13:2:29 | document.location | user-provided value |
| domparser.js:6:37:6:39 | src | domparser.js:2:13:2:29 | document.location | domparser.js:6:37:6:39 | src | A $@ is parsed as XML without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:29 | document.location | user-provided value |


@@ -1,61 +1,167 @@
nodes
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
edges
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' |
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | password |


@@ -1,5 +1,6 @@
nodes
| tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:14:9:14:19 | req.cookies |
| tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:30:9:30:37 | v3 |
@@ -12,21 +13,30 @@ nodes
| tst.js:43:9:43:19 | req.cookies |
| tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:50:8:50:23 | req.params.login |
| tst.js:50:8:50:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login |
| tst.js:70:9:70:19 | req.cookies |
| tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:34:70:53 | req.params.requestId |
| tst.js:70:34:70:53 | req.params.requestId |
| tst.js:75:14:75:24 | req.cookies |
| tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:39:75:58 | req.params.requestId |
| tst.js:75:39:75:58 | req.params.requestId |
| tst.js:90:9:90:19 | req.cookies |
| tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:104:10:104:17 | req.body |
| tst.js:104:10:104:17 | req.body |
| tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable |
edges
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown |
| tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing |
| tst.js:30:9:30:37 | v3 | tst.js:31:9:31:10 | v3 |
| tst.js:30:14:30:37 | id(req. ... okieId) | tst.js:30:9:30:37 | v3 |
@@ -34,10 +44,18 @@ edges
| tst.js:30:17:30:36 | req.cookies.cookieId | tst.js:30:14:30:37 | id(req. ... okieId) |
| tst.js:37:13:37:23 | req.cookies | tst.js:37:13:37:32 | req.cookies.cookieId |
| tst.js:43:9:43:19 | req.cookies | tst.js:43:9:43:28 | req.cookies.cookieId |
| tst.js:50:8:50:23 | req.params.login | tst.js:50:8:50:23 | req.params.login |
| tst.js:65:8:65:23 | req.params.login | tst.js:65:8:65:23 | req.params.login |
| tst.js:70:9:70:19 | req.cookies | tst.js:70:9:70:28 | req.cookies.cookieId |
| tst.js:70:34:70:53 | req.params.requestId | tst.js:70:34:70:53 | req.params.requestId |
| tst.js:75:14:75:24 | req.cookies | tst.js:75:14:75:33 | req.cookies.cookieId |
| tst.js:75:39:75:58 | req.params.requestId | tst.js:75:39:75:58 | req.params.requestId |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:28 | req.cookies.cookieId |
| tst.js:90:9:90:28 | req.cookies.cookieId | tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:90:9:90:19 | req.cookies | tst.js:90:9:90:41 | req.coo ... secret" |
| tst.js:104:10:104:17 | req.body | tst.js:104:10:104:17 | req.body |
| tst.js:111:13:111:32 | req.query.vulnerable | tst.js:111:13:111:32 | req.query.vulnerable |
| tst.js:118:13:118:32 | req.query.vulnerable | tst.js:118:13:118:32 | req.query.vulnerable |
| tst.js:126:13:126:32 | req.query.vulnerable | tst.js:126:13:126:32 | req.query.vulnerable |
#select
| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but $@ controls it. | tst.js:11:9:11:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | a user-provided value |
| tst.js:14:9:14:30 | req.coo ... inThing | tst.js:14:9:14:19 | req.cookies | tst.js:14:9:14:30 | req.coo ... inThing | This condition guards a sensitive $@, but $@ controls it. | tst.js:16:9:16:17 | o.login() | action | tst.js:14:9:14:19 | req.cookies | a user-provided value |


@@ -1,8 +1,14 @@
nodes
| tst.js:5:48:5:55 | password |
| tst.js:5:48:5:55 | password |
| tst.js:7:46:7:53 | password |
| tst.js:7:46:7:53 | password |
| tst.js:9:43:9:50 | password |
| tst.js:9:43:9:50 | password |
edges
| tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password |
| tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password |
| tst.js:9:43:9:50 | password | tst.js:9:43:9:50 | password |
#select
| tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | Password from $@ is hashed insecurely. | tst.js:5:48:5:55 | password | an access to password |
| tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | Password from $@ is hashed insecurely. | tst.js:7:46:7:53 | password | an access to password |