hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 06:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ea4e2630600e35af044ff5ea99c190d863f6fb4e
codeql/javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
Asger F 50a77ea843 JS: update test expectations
2019-03-06 08:41:03 +00:00

167 lines
13 KiB
Plaintext
Raw Blame History

nodes
| mongodb.js:12:11:12:20 | query |
| mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:26 | req.body |
| mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title |
| mongodb.js:26:19:26:26 | req.body |
| mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:32:38:32:42 | title |
| mongodb.js:48:11:48:20 | query |
| mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title |
| mongodb.js:54:16:54:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title |
| mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:11:20:20 | query |
| mongoose.js:20:19:20:20 | {} |
| mongoose.js:21:19:21:26 | req.body |
| mongoose.js:21:19:21:32 | req.body.title |
| mongoose.js:27:20:27:24 | query |
| mongoose.js:30:25:30:29 | query |
| mongoose.js:33:24:33:28 | query |
| mongoose.js:36:31:36:35 | query |
| mongoose.js:39:19:39:23 | query |
| mongoose.js:42:22:42:26 | query |
| mongoose.js:45:31:45:35 | query |
| mongoose.js:48:31:48:35 | query |
| mongoose.js:51:31:51:35 | query |
| mongoose.js:54:25:54:29 | query |
| mongoose.js:57:21:57:25 | query |
| mongoose.js:60:25:60:29 | query |
| mongoose.js:63:24:63:28 | query |
| mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:19:19:19:20 | {} |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title |
| mongooseJsonParse.js:20:30:20:43 | req.query.data |
| mongooseJsonParse.js:23:19:23:23 | query |
| socketio.js:10:25:10:30 | handle |
| socketio.js:11:12:11:53 | `INSERT ... andle}` |
| socketio.js:11:46:11:51 | handle |
| tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id |
| tst3.js:8:7:9:55 | query1 |
| tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst3.js:9:16:9:34 | req.params.category |
| tst3.js:10:14:10:19 | query1 |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id |
edges
| mongodb.js:12:11:12:20 | query | mongodb.js:14:59:14:58 | query |
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:14:59:14:58 | query |
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query |
| mongodb.js:14:59:14:58 | query | mongodb.js:18:16:18:20 | query |
| mongodb.js:26:11:26:32 | title | mongodb.js:27:11:27:35 | title |
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title |
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title |
| mongodb.js:27:11:27:35 | title | mongodb.js:32:38:32:42 | title |
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } |
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) |
| mongodb.js:48:11:48:20 | query | mongodb.js:50:59:50:58 | query |
| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query |
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:50:59:50:58 | query |
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query |
| mongodb.js:50:59:50:58 | query | mongodb.js:54:16:54:20 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:25:59:25:58 | query |
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:25:59:25:58 | query |
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
| mongodb_bodySafe.js:25:59:25:58 | query | mongodb_bodySafe.js:29:16:29:20 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
| mongoose.js:20:11:20:20 | query | mongoose.js:63:24:63:28 | query |
| mongoose.js:20:19:20:20 | {} | mongoose.js:20:11:20:20 | query |
| mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:11:20:20 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:19:20:20 | {} |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:24:63:28 | query |
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} |
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query |
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle |
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` |
| tst2.js:9:27:9:78 | "select ... rams.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:78 | "select ... rams.id |
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" |
| tst3.js:8:7:9:55 | query1 | tst3.js:10:14:10:19 | query1 |
| tst3.js:8:16:9:34 | "SELECT ... ategory | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst3.js:8:16:9:55 | "SELECT ... PRICE" | tst3.js:8:7:9:55 | query1 |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:34 | "SELECT ... ategory |
| tst3.js:9:16:9:34 | req.params.category | tst3.js:8:16:9:55 | "SELECT ... PRICE" |
| tst4.js:8:10:8:60 | 'SELECT ... rams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:60 | 'SELECT ... rams.id |
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' |
| tst.js:10:10:10:58 | 'SELECT ... rams.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:58 | 'SELECT ... rams.id |
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
#select
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query depends on $@. | mongodb.js:49:19:49:33 | req.query.title | a user-provided value |
| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query depends on $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | a user-provided value |
| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongoose.js:63:24:63:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:24:63:28 | query | This query depends on $@. | mongoose.js:21:19:21:26 | req.body | a user-provided value |
| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query depends on $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | a user-provided value |
| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query depends on $@. | socketio.js:10:25:10:30 | handle | a user-provided value |
| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query depends on $@. | tst2.js:9:66:9:78 | req.params.id | a user-provided value |
| tst3.js:10:14:10:19 | query1 | tst3.js:9:16:9:34 | req.params.category | tst3.js:10:14:10:19 | query1 | This query depends on $@. | tst3.js:9:16:9:34 | req.params.category | a user-provided value |
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
Reference in New Issue View Git Blame Copy Permalink