reintroduce the number sinks

2026-05-04 21:25:44 +02:00 · 2022-04-12 16:26:10 +02:00
parent 029459cc35
commit e2b7f7d05d
6 changed files with 93 additions and 39 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/Consistency.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/Consistency.expected
--- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/Consistency.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/Consistency.ql
@@ -0,0 +1,3 @@
+import javascript
+import semmle.javascript.security.dataflow.ResourceExhaustionQuery
+import testUtilities.ConsistencyChecking
--- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/resource-exhaustion.js
+++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/resource-exhaustion.js
@@ -1,7 +1,3 @@
-// this file contains many `NOT OK [INCONSISTENCY]` annotations, those
-// would be resolved if the query used flow labels to recognice
-// numbers flowing to sinks
-
 var http = require("http"),
    url = require("url");

@@ -13,73 +9,73 @@ var server = http.createServer(function(req, res) {
  Buffer.from(n); // OK
  Buffer.from(x, n); // OK
  Buffer.from(x, y, s); // NOT OK
-  Buffer.from(x, y, n); // NOT OK [INCONSISTENCY]
-  Buffer.from(x, y, n); // NOT OK [INCONSISTENCY]
-  Buffer.alloc(n); // NOT OK [INCONSISTENCY]
-  Buffer.allocUnsafe(n); // NOT OK [INCONSISTENCY]
-  Buffer.allocUnsafeSlow(n); // NOT OK [INCONSISTENCY]
+  Buffer.from(x, y, n); // NOT OK
+  Buffer.from(x, y, n); // NOT OK
+  Buffer.alloc(n); // NOT OK
+  Buffer.allocUnsafe(n); // NOT OK
+  Buffer.allocUnsafeSlow(n); // NOT OK

-  new Buffer(n); // NOT OK [INCONSISTENCY]
+  new Buffer(n); // NOT OK
  new Buffer(x, n); // OK
-  new Buffer(x, y, n); // NOT OK [INCONSISTENCY]
+  new Buffer(x, y, n); // NOT OK

-  new SlowBuffer(n); // NOT OK [INCONSISTENCY]
+  new SlowBuffer(n); // NOT OK

  Array(n); // OK
  new Array(n); // OK

-  Array(n).map(); // NOT OK [INCONSISTENCY]
-  new Array(n).map(); // NOT OK [INCONSISTENCY]
-  Array(n).fill(); // NOT OK [INCONSISTENCY]
-  Array(n).join(); // NOT OK [INCONSISTENCY]
-  Array(n).toString(); // NOT OK [INCONSISTENCY]
-  Array(n) + x; // NOT OK [INCONSISTENCY]
+  Array(n).map(); // NOT OK
+  new Array(n).map(); // NOT OK
+  Array(n).fill(); // NOT OK
+  Array(n).join(); // NOT OK
+  Array(n).toString(); // NOT OK
+  Array(n) + x; // NOT OK

  x.repeat(n); // NOT OK
  x.repeat(s); // NOT OK

-  new Buffer(n * x); // NOT OK [INCONSISTENCY]
-  new Buffer(n + n); // NOT OK [INCONSISTENCY]
-  new Buffer(n + x); // OK (maybe)
-  new Buffer(n + s); // OK (this is  a string if `s` is a string)
-  new Buffer(s + 2); // OK (this is  a string if `s` is a string)
-  new Buffer(s + s); // OK
-  new Buffer(n + "X"); // OK
+  new Buffer(n * x); // NOT OK
+  new Buffer(n + n); // NOT OK
+  new Buffer(n + x); // OK (maybe) - but still flagged [INCONSISTENCY]
+  new Buffer(n + s); // OK (this is  a string if `s` is a string) - but still flagged [INCONSISTENCY]
+  new Buffer(s + 2); // OK (this is  a string if `s` is a string) - but still flagged [INCONSISTENCY]
+  new Buffer(s + s); // OK - but still flagged [INCONSISTENCY]
+  new Buffer(n + "X"); // OK - but still flagged [INCONSISTENCY]

-  new Buffer(Math.ceil(s)); // NOT OK [INCONSISTENCY]
-  new Buffer(Number(s)); // NOT OK [INCONSISTENCY]
+  new Buffer(Math.ceil(s)); // NOT OK
+  new Buffer(Number(s)); // NOT OK
  new Buffer(new Number(s)); // OK

-  new Buffer(s + x.length); // OK (this is a string if `s` is a string)
-  new Buffer(s.length); // NOT OK [INCONSISTENCY]
+  new Buffer(s + x.length); // OK (this is a string if `s` is a string)  - but still flagged [INCONSISTENCY]
+  new Buffer(s.length); // NOT OK

  if (n < 100) {
    new Buffer(n); // OK
  } else {
-    new Buffer(n); // NOT OK [INCONSISTENCY]
+    new Buffer(n); // NOT OK
  }

  let ns = x ? n : s;
-  new Buffer(ns); // NOT OK [INCONSISTENCY]
+  new Buffer(ns); // NOT OK

-  new Buffer(n.toString()); // OK
+  new Buffer(n.toString()); // OK  - but still flagged [INCONSISTENCY]

  if (typeof n === "string") {
-    new Buffer(n); // OK
+    new Buffer(n); // OK  - but still flagged [INCONSISTENCY]
  } else {
-    new Buffer(n); // NOT OK [INCONSISTENCY]
+    new Buffer(n); // NOT OK
  }

  if (typeof n === "number") {
-    new Buffer(n); // NOT OK [INCONSISTENCY]
+    new Buffer(n); // NOT OK
  } else {
-    new Buffer(n); // OK
+    new Buffer(n); // OK  - but still flagged [INCONSISTENCY]
  }

  if (typeof s === "number") {
-    new Buffer(s); // NOT OK [INCONSISTENCY]
+    new Buffer(s); // NOT OK
  } else {
-    new Buffer(s); // OK
+    new Buffer(s); // OK - but stil flagged [INCONSISTENCY]
  }

  setTimeout(f, n); // NOT OK