Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b42026a

Browse files
author
Max Schaefer
committed
JavaScript: Update expected output.
1 parent 530fa2c commit b42026a

41 files changed

Lines changed: 2740 additions & 7 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

Lines changed: 1075 additions & 0 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,28 +1,42 @@
11
nodes
22
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
33
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
4+
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
5+
| TarSlipBad.js:6:36:6:46 | header.name |
46
| TarSlipBad.js:6:36:6:46 | header.name |
57
| TarSlipBad.js:6:36:6:46 | header.name |
68
| ZipSlipBad2.js:5:9:5:46 | fileName |
79
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
810
| ZipSlipBad2.js:5:37:5:46 | entry.path |
11+
| ZipSlipBad2.js:5:37:5:46 | entry.path |
12+
| ZipSlipBad2.js:6:22:6:29 | fileName |
913
| ZipSlipBad2.js:6:22:6:29 | fileName |
1014
| ZipSlipBad.js:7:11:7:31 | fileName |
1115
| ZipSlipBad.js:7:22:7:31 | entry.path |
16+
| ZipSlipBad.js:7:22:7:31 | entry.path |
17+
| ZipSlipBad.js:8:37:8:44 | fileName |
1218
| ZipSlipBad.js:8:37:8:44 | fileName |
1319
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
1420
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
21+
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
22+
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
1523
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
1624
edges
1725
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
1826
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name |
1927
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
28+
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
2029
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
2130
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
31+
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
32+
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
2233
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
2334
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
35+
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
36+
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
2437
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
2538
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
39+
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
2640
#select
2741
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | item path |
2842
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | TarSlipBad.js:6:36:6:46 | header.name | item path |

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,40 +4,65 @@ nodes
44
| child_process-test.js:6:15:6:44 | url.par ... ).query |
55
| child_process-test.js:6:15:6:49 | url.par ... ry.path |
66
| child_process-test.js:6:25:6:31 | req.url |
7+
| child_process-test.js:6:25:6:31 | req.url |
8+
| child_process-test.js:17:13:17:15 | cmd |
79
| child_process-test.js:17:13:17:15 | cmd |
810
| child_process-test.js:18:17:18:19 | cmd |
11+
| child_process-test.js:18:17:18:19 | cmd |
912
| child_process-test.js:19:17:19:19 | cmd |
13+
| child_process-test.js:19:17:19:19 | cmd |
14+
| child_process-test.js:20:21:20:23 | cmd |
1015
| child_process-test.js:20:21:20:23 | cmd |
1116
| child_process-test.js:21:14:21:16 | cmd |
17+
| child_process-test.js:21:14:21:16 | cmd |
1218
| child_process-test.js:22:18:22:20 | cmd |
19+
| child_process-test.js:22:18:22:20 | cmd |
20+
| child_process-test.js:23:13:23:15 | cmd |
1321
| child_process-test.js:23:13:23:15 | cmd |
1422
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
23+
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
1524
| child_process-test.js:25:21:25:23 | cmd |
1625
| child_process-test.js:36:7:36:20 | sh |
1726
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
27+
| child_process-test.js:36:12:36:20 | 'cmd.exe' |
1828
| child_process-test.js:38:7:38:20 | sh |
1929
| child_process-test.js:38:12:38:20 | '/bin/sh' |
30+
| child_process-test.js:38:12:38:20 | '/bin/sh' |
2031
| child_process-test.js:39:14:39:15 | sh |
32+
| child_process-test.js:39:14:39:15 | sh |
33+
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
2134
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
2235
| child_process-test.js:39:18:39:30 | [ flag, cmd ] |
2336
| child_process-test.js:39:26:39:28 | cmd |
37+
| child_process-test.js:39:26:39:28 | cmd |
2438
| child_process-test.js:41:9:41:17 | args |
2539
| child_process-test.js:41:16:41:17 | [] |
40+
| child_process-test.js:41:16:41:17 | [] |
41+
| child_process-test.js:43:15:43:17 | cmd |
2642
| child_process-test.js:43:15:43:17 | cmd |
2743
| child_process-test.js:44:17:44:27 | "/bin/bash" |
2844
| child_process-test.js:44:17:44:27 | "/bin/bash" |
45+
| child_process-test.js:44:17:44:27 | "/bin/bash" |
46+
| child_process-test.js:44:30:44:33 | args |
2947
| child_process-test.js:44:30:44:33 | args |
3048
| child_process-test.js:46:9:46:12 | "sh" |
49+
| child_process-test.js:46:9:46:12 | "sh" |
3150
| child_process-test.js:46:15:46:18 | args |
3251
| child_process-test.js:48:9:48:17 | args |
3352
| child_process-test.js:48:16:48:17 | [] |
53+
| child_process-test.js:48:16:48:17 | [] |
54+
| child_process-test.js:50:15:50:17 | cmd |
3455
| child_process-test.js:50:15:50:17 | cmd |
3556
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
3657
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
58+
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
59+
| child_process-test.js:51:35:51:38 | args |
3760
| child_process-test.js:51:35:51:38 | args |
3861
| child_process-test.js:55:14:55:16 | cmd |
3962
| child_process-test.js:55:19:55:22 | args |
4063
| child_process-test.js:56:12:56:14 | cmd |
64+
| child_process-test.js:56:12:56:14 | cmd |
65+
| child_process-test.js:56:17:56:20 | args |
4166
| child_process-test.js:56:17:56:20 | args |
4267
| execSeries.js:3:20:3:22 | arr |
4368
| execSeries.js:6:14:6:16 | arr |
@@ -46,66 +71,107 @@ nodes
4671
| execSeries.js:14:13:14:20 | commands |
4772
| execSeries.js:14:24:14:30 | command |
4873
| execSeries.js:14:41:14:47 | command |
74+
| execSeries.js:14:41:14:47 | command |
4975
| execSeries.js:18:7:18:58 | cmd |
5076
| execSeries.js:18:13:18:47 | require ... , true) |
5177
| execSeries.js:18:13:18:53 | require ... ).query |
5278
| execSeries.js:18:13:18:58 | require ... ry.path |
5379
| execSeries.js:18:34:18:40 | req.url |
80+
| execSeries.js:18:34:18:40 | req.url |
5481
| execSeries.js:19:12:19:16 | [cmd] |
5582
| execSeries.js:19:13:19:15 | cmd |
5683
| other.js:5:9:5:49 | cmd |
5784
| other.js:5:15:5:38 | url.par ... , true) |
5885
| other.js:5:15:5:44 | url.par ... ).query |
5986
| other.js:5:15:5:49 | url.par ... ry.path |
6087
| other.js:5:25:5:31 | req.url |
88+
| other.js:5:25:5:31 | req.url |
89+
| other.js:7:33:7:35 | cmd |
6190
| other.js:7:33:7:35 | cmd |
6291
| other.js:8:28:8:30 | cmd |
92+
| other.js:8:28:8:30 | cmd |
6393
| other.js:9:32:9:34 | cmd |
94+
| other.js:9:32:9:34 | cmd |
95+
| other.js:10:29:10:31 | cmd |
6496
| other.js:10:29:10:31 | cmd |
6597
| other.js:11:29:11:31 | cmd |
98+
| other.js:11:29:11:31 | cmd |
99+
| other.js:12:27:12:29 | cmd |
66100
| other.js:12:27:12:29 | cmd |
67101
| other.js:14:28:14:30 | cmd |
102+
| other.js:14:28:14:30 | cmd |
68103
| other.js:15:34:15:36 | cmd |
104+
| other.js:15:34:15:36 | cmd |
105+
| other.js:16:21:16:23 | cmd |
69106
| other.js:16:21:16:23 | cmd |
70107
| other.js:17:27:17:29 | cmd |
108+
| other.js:17:27:17:29 | cmd |
109+
| other.js:18:22:18:24 | cmd |
71110
| other.js:18:22:18:24 | cmd |
72111
| other.js:19:36:19:38 | cmd |
112+
| other.js:19:36:19:38 | cmd |
73113
| third-party-command-injection.js:5:20:5:26 | command |
114+
| third-party-command-injection.js:5:20:5:26 | command |
115+
| third-party-command-injection.js:6:21:6:27 | command |
74116
| third-party-command-injection.js:6:21:6:27 | command |
75117
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
76118
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
119+
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
77120
edges
78121
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
122+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
123+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
79124
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
80125
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
126+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
127+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
81128
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
82129
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
130+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
83131
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
132+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
133+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
84134
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
85135
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd |
86136
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
137+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
87138
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
139+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
140+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
88141
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:50:15:50:17 | cmd |
89142
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query |
90143
| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
91144
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd |
92145
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
146+
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
147+
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
93148
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
94149
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
150+
| child_process-test.js:36:7:36:20 | sh | child_process-test.js:39:14:39:15 | sh |
95151
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
152+
| child_process-test.js:36:12:36:20 | 'cmd.exe' | child_process-test.js:36:7:36:20 | sh |
153+
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
96154
| child_process-test.js:38:7:38:20 | sh | child_process-test.js:39:14:39:15 | sh |
97155
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
156+
| child_process-test.js:38:12:38:20 | '/bin/sh' | child_process-test.js:38:7:38:20 | sh |
98157
| child_process-test.js:39:18:39:30 | [ flag, cmd ] | child_process-test.js:39:18:39:30 | [ flag, cmd ] |
99158
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
159+
| child_process-test.js:41:9:41:17 | args | child_process-test.js:44:30:44:33 | args |
100160
| child_process-test.js:41:9:41:17 | args | child_process-test.js:46:15:46:18 | args |
101161
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
162+
| child_process-test.js:41:16:41:17 | [] | child_process-test.js:41:9:41:17 | args |
102163
| child_process-test.js:44:17:44:27 | "/bin/bash" | child_process-test.js:44:17:44:27 | "/bin/bash" |
103164
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
165+
| child_process-test.js:46:9:46:12 | "sh" | child_process-test.js:55:14:55:16 | cmd |
104166
| child_process-test.js:46:15:46:18 | args | child_process-test.js:55:19:55:22 | args |
105167
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
168+
| child_process-test.js:48:9:48:17 | args | child_process-test.js:51:35:51:38 | args |
169+
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
106170
| child_process-test.js:48:16:48:17 | [] | child_process-test.js:48:9:48:17 | args |
107171
| child_process-test.js:51:17:51:32 | `/bin` + "/bash" | child_process-test.js:51:17:51:32 | `/bin` + "/bash" |
108172
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
173+
| child_process-test.js:55:14:55:16 | cmd | child_process-test.js:56:12:56:14 | cmd |
174+
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
109175
| child_process-test.js:55:19:55:22 | args | child_process-test.js:56:17:56:20 | args |
110176
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
111177
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
@@ -114,29 +180,47 @@ edges
114180
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr |
115181
| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command |
116182
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
183+
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
117184
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd |
118185
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query |
119186
| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path |
120187
| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd |
121188
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
189+
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
122190
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
123191
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
124192
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
193+
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
125194
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
195+
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
196+
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
126197
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
127198
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
199+
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
128200
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
201+
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
202+
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
129203
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
130204
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
205+
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
206+
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
131207
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
132208
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
209+
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
133210
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
211+
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
212+
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
134213
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
135214
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
215+
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
136216
| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query |
137217
| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path |
138218
| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd |
139219
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
220+
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
221+
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
222+
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
223+
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
140224
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
141225
| tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] | tst_shell-command-injection-from-environment.js:4:25:4:61 | ['-rf', ... temp")] |
142226
#select

0 commit comments

Comments
 (0)