JS: Mark regressions due to lack of local field steps

asgerf · asgerf · commit e026b9e04893 · 2025-02-28T13:27:52.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js
@@ -363,8 +363,8 @@ function MyTrainer(opts) {
 
 MyTrainer.prototype = {
 	train: function() {
-		var command = "learn " + this.learn_args + " " + model; // $ Alert
-		cp.exec(command); 
+		var command = "learn " + this.learn_args + " " + model; // $ MISSING: Alert - lack of local field step
+		cp.exec(command);
 	}
 };
 module.exports.MyTrainer = MyTrainer;
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/main.js b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/main.js
@@ -44,7 +44,7 @@ class Foo {
 
     doXss() {
         // not called here, but still bad.
-        document.querySelector("#class").innerHTML = "<span>" + this.step + "</span>"; // $ Alert
+        document.querySelector("#class").innerHTML = "<span>" + this.step + "</span>"; // $ MISSING: Alert - needs localFieldStep
     }
 
 }
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/lib/index.js b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/lib/index.js
@@ -48,7 +48,7 @@ export function Template(text, opts) {
 Template.prototype = {
   compile: function () {
     var opts = this.opts;
-    eval("  var " + opts.varName + " = something();"); // $ Alert
+    eval("  var " + opts.varName + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
   },
   // The below are justs tests that ensure the global-access-path computations terminate.
   pathsTerminate1: function (node, prev) {
@@ -100,10 +100,10 @@ export class AccessPathClass {
   }
 
   doesTaint() {
-    eval("  var " + this.options1.taintedOption + " = something();"); // $ Alert
-    eval("  var " + this.options2.taintedOption + " = something();"); // $ Alert
-    eval("  var " + this.options3.taintedOption + " = something();"); // $ Alert
-    eval("  var " + this.taint + " = something();"); // $ Alert
+    eval("  var " + this.options1.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+    eval("  var " + this.options2.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+    eval("  var " + this.options3.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+    eval("  var " + this.taint + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
   }
 }
 
@@ -132,10 +132,10 @@ export class AccessPathClassBB {
     }
   
     doesTaint() {
-      eval("  var " + this.options1.taintedOption + " = something();"); // $ Alert
-      eval("  var " + this.options2.taintedOption + " = something();"); // $ Alert
-      eval("  var " + this.options3.taintedOption + " = something();"); // $ Alert
-      eval("  var " + this.taint + " = something();"); // $ Alert
+      eval("  var " + this.options1.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+      eval("  var " + this.options2.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+      eval("  var " + this.options3.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
+      eval("  var " + this.taint + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep
     }
   }
   
diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/lib.js b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/lib.js
@@ -67,7 +67,7 @@ class Foo {
     const obj = this.obj;
     const path = this.path;
     const value = this.value;
-    return (obj[path[0]][path[1]] = value); // $ Alert
+    return (obj[path[0]][path[1]] = value); // $ MISSING: Alert - lacking local field step
   }
 
   safe() {

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ class Foo {`
`44`	`44`
`45`	`45`	`doXss() {`
`46`	`46`	`// not called here, but still bad.`
`47`		`- document.querySelector("#class").innerHTML = "<span>" + this.step + "</span>"; // $ Alert`
	`47`	`+ document.querySelector("#class").innerHTML = "<span>" + this.step + "</span>"; // $ MISSING: Alert - needs localFieldStep`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ export function Template(text, opts) {`
`48`	`48`	`Template.prototype = {`
`49`	`49`	`compile: function () {`
`50`	`50`	`var opts = this.opts;`
`51`		`- eval(" var " + opts.varName + " = something();"); // $ Alert`
	`51`	`+ eval(" var " + opts.varName + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
`52`	`52`	`},`
`53`	`53`	`// The below are justs tests that ensure the global-access-path computations terminate.`
`54`	`54`	`pathsTerminate1: function (node, prev) {`
`@@ -100,10 +100,10 @@ export class AccessPathClass {`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`doesTaint() {`
`103`		`- eval(" var " + this.options1.taintedOption + " = something();"); // $ Alert`
`104`		`- eval(" var " + this.options2.taintedOption + " = something();"); // $ Alert`
`105`		`- eval(" var " + this.options3.taintedOption + " = something();"); // $ Alert`
`106`		`- eval(" var " + this.taint + " = something();"); // $ Alert`
	`103`	`+ eval(" var " + this.options1.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`104`	`+ eval(" var " + this.options2.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`105`	`+ eval(" var " + this.options3.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`106`	`+ eval(" var " + this.taint + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
`107`	`107`	`}`
`108`	`108`	`}`
`109`	`109`
`@@ -132,10 +132,10 @@ export class AccessPathClassBB {`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`doesTaint() {`
`135`		`- eval(" var " + this.options1.taintedOption + " = something();"); // $ Alert`
`136`		`- eval(" var " + this.options2.taintedOption + " = something();"); // $ Alert`
`137`		`- eval(" var " + this.options3.taintedOption + " = something();"); // $ Alert`
`138`		`- eval(" var " + this.taint + " = something();"); // $ Alert`
	`135`	`+ eval(" var " + this.options1.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`136`	`+ eval(" var " + this.options2.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`137`	`+ eval(" var " + this.options3.taintedOption + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
	`138`	`+ eval(" var " + this.taint + " = something();"); // $ MISSING: Alert - due to lack of localFieldStep`
`139`	`139`	`}`
`140`	`140`	`}`
`141`	`141`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ class Foo {`
`67`	`67`	`const obj = this.obj;`
`68`	`68`	`const path = this.path;`
`69`	`69`	`const value = this.value;`
`70`		`- return (obj[path[0]][path[1]] = value); // $ Alert`
	`70`	`+ return (obj[path[0]][path[1]] = value); // $ MISSING: Alert - lacking local field step`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`safe() {`