JS: Accept some more alerts from CleartextStorage

asgerf · asgerf · commit fc9570234184 · 2025-02-28T13:28:14.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_1.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_1.js
@@ -3,4 +3,4 @@ var app = express();
 app.get('/some/path', function() {
 })
 
-console.log(password);
+console.log(password); // $ Alert[js/clear-text-logging]
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_2.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_2.js
@@ -1,3 +1,3 @@
 require("foo");
 (function (req, res){});
-console.log(password);
+console.log(password); // $ Alert[js/clear-text-logging]
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_3.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_3.js
@@ -1,2 +1,2 @@
 var server = require("./server");
-console.log(password);
+console.log(password); // $ Alert[js/clear-text-logging]
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_4.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_4.js
@@ -1,2 +1,2 @@
 require("foo");
-console.log(password);
+console.log(password); // $ Alert[js/clear-text-logging]
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_5.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords_in_server_5.js
@@ -5,5 +5,5 @@ app.get('/some/path', function() {
 })
 
 function f(x) {
-    console.log(x);
+    console.log(x); // $ Alert[js/clear-text-logging]
 }
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/tst-webstorage.js b/javascript/ql/test/query-tests/Security/CWE-312/tst-webstorage.js
@@ -1,4 +1,4 @@
-localStorage.x = data.password;
-localStorage.setItem('x', data.password)
-sessionStorage.x = data.password;
-sessionStorage.setItem('x', data.password)
+localStorage.x = data.password; // $ Alert[js/clear-text-storage-of-sensitive-data]
+localStorage.setItem('x', data.password) // $ Alert[js/clear-text-storage-of-sensitive-data]
+sessionStorage.x = data.password; // $ Alert[js/clear-text-storage-of-sensitive-data]
+sessionStorage.setItem('x', data.password) // $ Alert[js/clear-text-storage-of-sensitive-data]

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`var server = require("./server");`
`2`		`-console.log(password);`
	`2`	`+console.log(password); // $ Alert[js/clear-text-logging]`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`require("foo");`
`2`		`-console.log(password);`
	`2`	`+console.log(password); // $ Alert[js/clear-text-logging]`
Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,5 @@ app.get('/some/path', function() {`
`5`	`5`	`})`
`6`	`6`
`7`	`7`	`function f(x) {`
`8`		`- console.log(x);`
	`8`	`+ console.log(x); // $ Alert[js/clear-text-logging]`
`9`	`9`	`}`