hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Accept raw test output

Browse Source
This commit is contained in:
Asger F
2025-02-06 16:16:21 +01:00
parent 795c1100fc
commit f5911c9e5a
196 changed files with 7002 additions and 4171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -1,3 +1,23 @@
#select
| RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:17:14:17:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:17:14:17:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:18:14:18:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:18:14:18:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:23:14:23:21 | getKey() | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:23:14:23:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
| RegExpInjection.js:35:23:35:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:35:23:35:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:36:26:36:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:36:26:36:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:37:25:37:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:37:25:37:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:40:24:40:28 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:24:40:28 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:41:27:41:31 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:27:41:31 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:42:26:42:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:26:42:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:59:14:59:18 | input | RegExpInjection.js:55:39:55:56 | req.param("input") | RegExpInjection.js:59:14:59:18 | input | This regular expression is constructed from a $@. | RegExpInjection.js:55:39:55:56 | req.param("input") | user-provided value |
| RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:77:15:77:32 | req.param("input") | RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:77:15:77:32 | req.param("input") | user-provided value |
| RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | RegExpInjection.js:86:20:86:30 | process.env | RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:86:20:86:30 | process.env | environment variable |
| RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | RegExpInjection.js:88:20:88:31 | process.argv | RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:88:20:88:31 | process.argv | command-line argument |
| RegExpInjection.js:95:14:95:22 | sanitized | RegExpInjection.js:92:15:92:32 | req.param("input") | RegExpInjection.js:95:14:95:22 | sanitized | This regular expression is constructed from a $@. | RegExpInjection.js:92:15:92:32 | req.param("input") | user-provided value |
| tst.js:6:16:6:35 | "^"+ data.name + "$" | tst.js:5:16:5:29 | req.query.data | tst.js:6:16:6:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:5:16:5:29 | req.query.data | user-provided value |
edges
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:7:31:7:33 | key | provenance | |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:17:19:17:21 | key | provenance | |
@@ -107,23 +127,11 @@ subpaths
| RegExpInjection.js:10:26:10:26 | s | RegExpInjection.js:13:18:13:18 | s | RegExpInjection.js:14:12:14:24 | s + "=(.*)\\n" | RegExpInjection.js:10:20:10:27 | wrap2(s) |
| RegExpInjection.js:17:19:17:21 | key | RegExpInjection.js:9:17:9:17 | s | RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:17:14:17:22 | wrap(key) |
| RegExpInjection.js:18:19:18:21 | key | RegExpInjection.js:9:17:9:17 | s | RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:18:14:18:22 | wrap(key) |
#select
| RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:17:14:17:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:17:14:17:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:18:14:18:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:18:14:18:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:23:14:23:21 | getKey() | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:23:14:23:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
| RegExpInjection.js:35:23:35:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:35:23:35:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:36:26:36:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:36:26:36:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:37:25:37:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:37:25:37:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:40:24:40:28 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:24:40:28 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:41:27:41:31 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:27:41:31 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:42:26:42:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:26:42:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:59:14:59:18 | input | RegExpInjection.js:55:39:55:56 | req.param("input") | RegExpInjection.js:59:14:59:18 | input | This regular expression is constructed from a $@. | RegExpInjection.js:55:39:55:56 | req.param("input") | user-provided value |
| RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:77:15:77:32 | req.param("input") | RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:77:15:77:32 | req.param("input") | user-provided value |
| RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | RegExpInjection.js:86:20:86:30 | process.env | RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:86:20:86:30 | process.env | environment variable |
| RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | RegExpInjection.js:88:20:88:31 | process.argv | RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:88:20:88:31 | process.argv | command-line argument |
| RegExpInjection.js:95:14:95:22 | sanitized | RegExpInjection.js:92:15:92:32 | req.param("input") | RegExpInjection.js:95:14:95:22 | sanitized | This regular expression is constructed from a $@. | RegExpInjection.js:92:15:92:32 | req.param("input") | user-provided value |
| tst.js:6:16:6:35 | "^"+ data.name + "$" | tst.js:5:16:5:29 | req.query.data | tst.js:6:16:6:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:5:16:5:29 | req.query.data | user-provided value |
testFailures
| RegExpInjection.js:5:13:5:28 | req.param("key") | Unexpected result: Source |
| RegExpInjection.js:5:39:5:56 | req.param("input") | Unexpected result: Source |
| RegExpInjection.js:21:12:21:27 | req.param("key") | Unexpected result: Source |
| RegExpInjection.js:55:39:55:56 | req.param("input") | Unexpected result: Source |
| RegExpInjection.js:77:15:77:32 | req.param("input") | Unexpected result: Source |
| RegExpInjection.js:92:15:92:32 | req.param("input") | Unexpected result: Source |
| tst.js:5:16:5:29 | req.query.data | Unexpected result: Source |