JS: Test update indicating a problem with .split()

asgerf · asgerf · commit 0ddb1c87f57b · 2024-09-10T13:14:37.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -514,6 +514,9 @@ nodes
 | tst.js:371:7:371:39 | target | semmle.label | target |
 | tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search |
 | tst.js:374:18:374:23 | target | semmle.label | target |
+| tst.js:377:18:377:39 | documen ... on.href | semmle.label | documen ... on.href |
+| tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | semmle.label | documen ... it("?") [ArrayElement] |
+| tst.js:377:18:377:53 | documen ... "?")[0] | semmle.label | documen ... "?")[0] |
 | tst.js:381:7:381:39 | target | semmle.label | target |
 | tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] |
 | tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] |
@@ -1112,6 +1115,8 @@ edges
 | tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance |  |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance |  |
 | tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance |  |
+| tst.js:377:18:377:39 | documen ... on.href | tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | provenance |  |
+| tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | tst.js:377:18:377:53 | documen ... "?")[0] | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance |  |
@@ -1455,6 +1460,7 @@ subpaths
 | tst.js:360:21:360:26 | target | tst.js:355:19:355:42 | documen ... .search | tst.js:360:21:360:26 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:42 | documen ... .search | user-provided value |
 | tst.js:363:18:363:23 | target | tst.js:355:19:355:42 | documen ... .search | tst.js:363:18:363:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:355:19:355:42 | documen ... .search | user-provided value |
 | tst.js:374:18:374:23 | target | tst.js:371:16:371:39 | documen ... .search | tst.js:374:18:374:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:371:16:371:39 | documen ... .search | user-provided value |
+| tst.js:377:18:377:53 | documen ... "?")[0] | tst.js:377:18:377:39 | documen ... on.href | tst.js:377:18:377:53 | documen ... "?")[0] | Cross-site scripting vulnerability due to $@. | tst.js:377:18:377:39 | documen ... on.href | user-provided value |
 | tst.js:384:18:384:23 | target | tst.js:381:16:381:39 | documen ... .search | tst.js:384:18:384:23 | target | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value |
 | tst.js:386:18:386:29 | target.taint | tst.js:381:16:381:39 | documen ... .search | tst.js:386:18:386:29 | target.taint | Cross-site scripting vulnerability due to $@. | tst.js:381:16:381:39 | documen ... .search | user-provided value |
 | tst.js:392:18:392:30 | target.taint3 | tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | Cross-site scripting vulnerability due to $@. | tst.js:391:19:391:42 | documen ... .search | user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -519,6 +519,9 @@ nodes
 | tst.js:371:7:371:39 | target | semmle.label | target |
 | tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search |
 | tst.js:374:18:374:23 | target | semmle.label | target |
+| tst.js:377:18:377:39 | documen ... on.href | semmle.label | documen ... on.href |
+| tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | semmle.label | documen ... it("?") [ArrayElement] |
+| tst.js:377:18:377:53 | documen ... "?")[0] | semmle.label | documen ... "?")[0] |
 | tst.js:381:7:381:39 | target | semmle.label | target |
 | tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] |
 | tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] |
@@ -1137,6 +1140,8 @@ edges
 | tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance |  |
 | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance |  |
 | tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance |  |
+| tst.js:377:18:377:39 | documen ... on.href | tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | provenance |  |
+| tst.js:377:18:377:50 | documen ... it("?") [ArrayElement] | tst.js:377:18:377:53 | documen ... "?")[0] | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance |  |
 | tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance |  |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js
@@ -373,7 +373,7 @@ function test() {
   // NOT OK
   $('myId').html(target)
 
-  // OK
+  // OK [INCONSISTENCY] (TODO: fix)
   $('myid').html(document.location.href.split("?")[0]);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -373,7 +373,7 @@ function test() {`
`373`	`373`	`// NOT OK`
`374`	`374`	`$('myId').html(target)`
`375`	`375`
`376`		`- // OK`
	`376`	`+ // OK [INCONSISTENCY] (TODO: fix)`
`377`	`377`	`$('myid').html(document.location.href.split("?")[0]);`
`378`	`378`	`}`
`379`	`379`