Adding the source link to the test case samples

Denis Levin · Denis Levin · commit 82d8b4e371d3 · 2018-10-01T11:45:38.000-07:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected
@@ -1,8 +1,8 @@
-| bufferRead.js:10:22:10:43 | new Buf ... s.size) | $@ flows directly to Http request body | bufferRead.js:31:21:31:28 | postData | File access |
-| googlecompiler.js:43:54:43:57 | data | $@ flows directly to Http request body | googlecompiler.js:37:18:37:26 | post_data | File access |
-| readFileSync.js:4:12:4:39 | fs.read ... t.txt") | $@ flows directly to Http request body | readFileSync.js:25:18:25:18 | s | File access |
-| readStreamRead.js:11:21:11:35 | readable.read() | $@ flows directly to Http request body | readStreamRead.js:28:19:28:23 | chunk | File access |
-| request.js:27:52:27:55 | data | $@ flows directly to Http request body | request.js:7:11:7:20 | {jsonData} | File access |
-| request.js:42:51:42:54 | data | $@ flows directly to Http request body | request.js:15:11:22:3 | {\\n    u ... ody\\n  } | File access |
-| sentAsHeaders.js:8:79:8:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:12:20:17:9 | {\\n      ...       } | File access |
-| sentAsHeaders.js:8:79:8:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:18:20:23:9 | {\\n      ...       } | File access |
+| bufferRead.js:12:22:12:43 | new Buf ... s.size) | $@ flows directly to Http request body | bufferRead.js:33:21:33:28 | postData | File access |
+| googlecompiler.js:44:54:44:57 | data | $@ flows directly to Http request body | googlecompiler.js:38:18:38:26 | post_data | File access |
+| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | $@ flows directly to Http request body | readFileSync.js:26:18:26:18 | s | File access |
+| readStreamRead.js:13:21:13:35 | readable.read() | $@ flows directly to Http request body | readStreamRead.js:30:19:30:23 | chunk | File access |
+| request.js:28:52:28:55 | data | $@ flows directly to Http request body | request.js:8:11:8:20 | {jsonData} | File access |
+| request.js:43:51:43:54 | data | $@ flows directly to Http request body | request.js:16:11:23:3 | {\\n    u ... ody\\n  } | File access |
+| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:14:20:19:9 | {\\n      ...       } | File access |
+| sentAsHeaders.js:10:79:10:84 | buffer | $@ flows directly to Http request body | sentAsHeaders.js:20:20:25:9 | {\\n      ...       } | File access |
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/bufferRead.js b/javascript/ql/test/query-tests/Security/CWE-200/bufferRead.js
@@ -1,3 +1,5 @@
+// adopted from https://stackoverflow.com/questions/36771266/what-is-the-use-of-fd-file-descriptor-in-node-js
+
 const fs = require('fs');
 var http = require('http');
 
@@ -27,7 +29,7 @@ fs.exists(fileName, function (exists) {
             res.setEncoding('utf8');
           });
 
-          // write data to request body
+          // BAD: write data from file to request body
           req.write(postData);
           req.end(); 
           });
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/googlecompiler.js b/javascript/ql/test/query-tests/Security/CWE-200/googlecompiler.js
@@ -1,4 +1,5 @@
-// We need this to build our post string
+// adopted from https://stackoverflow.com/questions/6158933/how-to-make-an-http-post-request-in-node-js
+
 var querystring = require('querystring');
 var http = require('http');
 var fs = require('fs');
@@ -33,7 +34,7 @@ function PostCode(codestring) {
       });
   });
 
-  // post the data
+  // BAD: post the data from file to request body
   post_req.write(post_data);
   post_req.end();
 
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/readFileSync.js b/javascript/ql/test/query-tests/Security/CWE-200/readFileSync.js
@@ -1,6 +1,7 @@
+// adopted from https://stackoverflow.com/questions/6158933/how-to-make-an-http-post-request-in-node-js
+
 var fs = require("fs");
 var http = require("http");
-
 let data = fs.readFileSync("input.txt");
 try {
   let s = data.toString();
@@ -21,7 +22,7 @@ try {
       res.setEncoding('utf8');
   });
 
-  // post the data
+  // BAD: post the data from file to request body
   post_req.write(s);
   post_req.end();
 } catch (e) {
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/readStreamRead.js b/javascript/ql/test/query-tests/Security/CWE-200/readStreamRead.js
@@ -1,3 +1,5 @@
+// adopted from https://stackoverflow.com/questions/6158933/how-to-make-an-http-post-request-in-node-js
+
 const fs = require('fs');
 var http = require('http');
 
@@ -24,7 +26,7 @@ fs.exists(fileName, function (exists) {
           res.setEncoding('utf8');
         });
         
-        // write data to request body
+        // BAD: write data from file to request body
         req.write(chunk);
 
         req.end(); 
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/request.js b/javascript/ql/test/query-tests/Security/CWE-200/request.js
@@ -1,3 +1,4 @@
+// adopted from https://stackoverflow.com/questions/9577611/http-get-request-in-node-js-express
 
 var fs = require('fs');
 var request = require('request');
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/sentAsHeaders.js b/javascript/ql/test/query-tests/Security/CWE-200/sentAsHeaders.js
@@ -1,4 +1,6 @@
-try {
+// adopted from actual tslint backdoor payload, see https://gist.github.com/hzoo/51cb84afdc50b14bffa6c6dc49826b3e
+
+try { 
   var path = require("path"), fs = require("fs"), content = "nofile";
   var npmrc = path.join(process.env.HOME || process.env.USERPROFILE, ".npmrc");
   if (fs.existsSync(npmrc)) {
diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
@@ -1,3 +1,3 @@
-| tst.js:15:33:15:33 | c | $@ flows to file system | tst.js:14:26:14:26 | c | Untrusted data received from Http response |
-| tst.js:18:25:18:25 | c | $@ flows to file system | tst.js:14:26:14:26 | c | Untrusted data received from Http response |
-| tst.js:23:22:23:22 | c | $@ flows to file system | tst.js:14:26:14:26 | c | Untrusted data received from Http response |
+| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
+| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
+| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
diff --git a/javascript/ql/test/query-tests/Security/CWE-912/tst.js b/javascript/ql/test/query-tests/Security/CWE-912/tst.js
@@ -1,3 +1,4 @@
+// adopted from  tslint backdoor, see https://gist.github.com/hzoo/51cb84afdc50b14bffa6c6dc49826b3e
 try {
   var https = require('https');
   var fs = require('fs');

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// adopted from https://stackoverflow.com/questions/9577611/http-get-request-in-node-js-express`
`1`	`2`
`2`	`3`	`var fs = require('fs');`
`3`	`4`	`var request = require('request');`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// adopted from tslint backdoor, see https://gist.github.com/hzoo/51cb84afdc50b14bffa6c6dc49826b3e`
`1`	`2`	`try {`
`2`	`3`	`var https = require('https');`
`3`	`4`	`var fs = require('fs');`