fix compilation and update expected output
1 parent aa3482c commit c375a0c

3 files changed

Lines changed: 20 additions & 1 deletion


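--- a/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll
+++ b/javascript/ql/src/semmle/javascript/heuristics/AdditionalSinks.qll
@@ -19,7 +19,7 @@ private import semmle.javascript.security.dataflow.ServerSideUrlRedirectCustomiz
 private import semmle.javascript.security.dataflow.InsecureRandomnessCustomizations
 private import HeuristicSinks as Sinks
 
-private class HeuristicSink = Sinks::HeuristicSink;
+class HeuristicSink = Sinks::HeuristicSink;
 
 private class HeuristicCodeInjectionSink extends Sinks::HeuristicCodeInjectionSink,
 CodeInjection::Sink { }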
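Review bot: The `HeuristicSink` alias on new line 22 becomes a non-private, importable class of `AdditionalSinks` but carries no QLDoc comment, so anyone importing the module sees an undocumented public name. CodeQL library convention is for non-private classes to have QLDoc, and the file's own imports and sibling sink class are otherwise private, so the exposure reads as a side effect of the compilation fix rather than a deliberate API choice. Add a QLDoc line above the alias, e.g. `/** A heuristic security sink, as defined by `Sinks::HeuristicSink` in `HeuristicSinks`. */`, and if the alias only needs to be visible to one other module, say so in that comment so the wider visibility is understood as intentional. The rest of the module, including the other sink classes that stay private, is outside this hunk.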

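--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
@@ -64,6 +64,11 @@ nodes
 | angularjs.js:53:32:53:39 | location |
 | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:46 | location.search |
+| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
 | express.js:7:24:7:69 | "return ... + "];" |
 | express.js:7:24:7:69 | "return ... + "];" |
 | express.js:7:44:7:62 | req.param("wobble") |
@@ -193,6 +198,10 @@ edges
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
 | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
 | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
 | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
@@ -261,6 +270,7 @@ edges
 | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:23 | location | angularjs.js:47:16:47:30 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:47:16:47:23 | location | User-provided value |
 | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:29 | location | angularjs.js:50:22:50:36 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:50:22:50:29 | location | User-provided value |
 | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search | $@ flows to here and is interpreted as code. | angularjs.js:53:32:53:39 | location | User-provided value |
+| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` | bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` | $@ flows to here and is interpreted as code. | bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | User-provided value |
 | express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:7:44:7:62 | req.param("wobble") | User-provided value |
 | express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:9:54:9:72 | req.param("wobble") | User-provided value |
 | express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | $@ flows to here and is interpreted as code. | express.js:12:28:12:46 | req.param("wobble") | User-provided value |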

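--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
@@ -64,6 +64,11 @@ nodes
 | angularjs.js:53:32:53:39 | location |
 | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:46 | location.search |
+| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") |
 | eslint-escope-build.js:20:22:20:22 | c |
 | eslint-escope-build.js:20:22:20:22 | c |
 | eslint-escope-build.js:21:16:21:16 | c |
@@ -197,6 +202,10 @@ edges
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
 | angularjs.js:53:32:53:39 | location | angularjs.js:53:32:53:46 | location.search |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:14:54:67 | `(funct ... "))}))` |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
+| bad-code-sanitization.js:54:44:54:62 | req.param("wobble") | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
 | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
 | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
 | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |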
