github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

revert for in additional steps

This commit is contained in:
amammad 2023-10-10 22:12:37 +02:00
Родитель 9053ceb3b7
Коммит 6f73e9c3ba
7 изменённых файлов: 9 добавлений и 74 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

11
javascript/ql/lib/semmle/javascript/frameworks/FormParsers.qll
Просмотреть файл

@ -177,14 +177,3 @@ module Dicer {
}
}
}
/**
* An Additional taint step like `for (succ in pred)`
*/
private class AdditionalTaintStepForIn extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(ForInStmt fis, Variable v | v = fis.getAnIterationVariable() |
succ.asExpr() = v.getAnAccess() and pred.asExpr() = fis.getIterationDomain()
)
}
}

4
javascript/ql/test/library-tests/InterProceduralFlow/tests.expected
Просмотреть файл

@ -104,10 +104,6 @@ taintTracking
| esLib.js:3:21:3:29 | "tainted" | esClient.js:8:13:8:21 | es.source |
| esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo |
| esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source |
| global-forin1.js:2:14:2:26 | [ "tainted" ] | global-forin1.js:1:13:1:13 | p |
| global-forin1.js:2:14:2:26 | [ "tainted" ] | global-forin1.js:4:15:4:15 | p |
| global-forin1.js:2:14:2:26 | [ "tainted" ] | global-forin1.js:7:13:7:13 | p |
| global-forin1.js:2:14:2:26 | [ "tainted" ] | global-forin2.js:1:13:1:13 | p |
| global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) |
| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location |
| global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) |

16
javascript/ql/test/library-tests/frameworks/FormParsers/RemoteFlowSource.expected
Просмотреть файл

@ -47,9 +47,9 @@ nodes
| dicer.js:13:19:13:24 | sink() |
| dicer.js:14:28:14:33 | header |
| dicer.js:14:28:14:33 | header |
| dicer.js:15:23:15:28 | header |
| dicer.js:16:22:16:22 | h |
| dicer.js:16:22:16:22 | h |
| dicer.js:16:22:16:27 | header |
| dicer.js:16:22:16:30 | header[h] |
| dicer.js:16:22:16:30 | header[h] |
| dicer.js:19:26:19:29 | data |
| dicer.js:19:26:19:29 | data |
| dicer.js:20:18:20:21 | data |
@ -148,10 +148,10 @@ edges
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:14:28:14:33 | header | dicer.js:15:23:15:28 | header |
| dicer.js:14:28:14:33 | header | dicer.js:15:23:15:28 | header |
| dicer.js:15:23:15:28 | header | dicer.js:16:22:16:22 | h |
| dicer.js:15:23:15:28 | header | dicer.js:16:22:16:22 | h |
| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header |
| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header |
| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] |
| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
@ -218,7 +218,7 @@ edges
| busybus.js:28:24:28:26 | val | busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | This entity depends on a $@. | busybus.js:27:31:27:33 | val | user-provided value |
| busybus.js:28:29:28:32 | info | busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | This entity depends on a $@. | busybus.js:27:36:27:39 | info | user-provided value |
| dicer.js:13:19:13:24 | sink() | dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | This entity depends on a $@. | dicer.js:12:23:12:26 | part | user-provided value |
| dicer.js:16:22:16:22 | h | dicer.js:14:28:14:33 | header | dicer.js:16:22:16:22 | h | This entity depends on a $@. | dicer.js:14:28:14:33 | header | user-provided value |
| dicer.js:16:22:16:30 | header[h] | dicer.js:14:28:14:33 | header | dicer.js:16:22:16:30 | header[h] | This entity depends on a $@. | dicer.js:14:28:14:33 | header | user-provided value |
| dicer.js:20:18:20:21 | data | dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | This entity depends on a $@. | dicer.js:19:26:19:29 | data | user-provided value |
| formidable.js:8:10:8:15 | fields | formidable.js:7:35:7:49 | form.parse(req) | formidable.js:8:10:8:15 | fields | This entity depends on a $@. | formidable.js:7:35:7:49 | form.parse(req) | user-provided value |
| formidable.js:8:18:8:22 | files | formidable.js:7:35:7:49 | form.parse(req) | formidable.js:8:18:8:22 | files | This entity depends on a $@. | formidable.js:7:35:7:49 | form.parse(req) | user-provided value |

2
javascript/ql/test/library-tests/frameworks/FormParsers/dicer.js
Просмотреть файл

@ -13,7 +13,7 @@ http.createServer((req, res) => {
part.pipe(sink())
part.on('header', (header) => {
for (h in header) {
sink(h)
sink(header[h])
}
});
part.on('data', (data) => {

1
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected
Просмотреть файл

@ -1 +0,0 @@
| query-tests/Security/CWE-079/DomBasedXss/tst.js:296 | did not expect an alert, but found an alert for HtmlInjection | OK | |

25
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
Просмотреть файл

@ -969,18 +969,6 @@ nodes
| tst.js:288:59:288:65 | tainted |
| tst.js:288:59:288:65 | tainted |
| tst.js:288:59:288:65 | tainted |
| tst.js:293:9:293:16 | obj |
| tst.js:293:9:293:16 | obj |
| tst.js:293:15:293:16 | {} |
| tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name |
| tst.js:294:26:294:36 | window.name |
| tst.js:294:26:294:36 | window.name |
| tst.js:295:19:295:21 | obj |
| tst.js:295:19:295:21 | obj |
| tst.js:296:9:296:9 | p |
| tst.js:296:9:296:9 | p |
| tst.js:296:9:296:9 | p |
| tst.js:301:9:301:16 | location |
| tst.js:301:9:301:16 | location |
| tst.js:302:10:302:10 | e |
@ -2151,18 +2139,6 @@ edges
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:293:9:293:16 | obj | tst.js:295:19:295:21 | obj |
| tst.js:293:9:293:16 | obj | tst.js:295:19:295:21 | obj |
| tst.js:293:15:293:16 | {} | tst.js:293:9:293:16 | obj |
| tst.js:293:15:293:16 | {} | tst.js:293:9:293:16 | obj |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e |
| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e |
| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e |
@ -2569,7 +2545,6 @@ edges
| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:264:11:264:21 | window.name | user-provided value |
| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:280:22:280:29 | location | user-provided value |
| tst.js:288:59:288:65 | tainted | tst.js:285:19:285:29 | window.name | tst.js:288:59:288:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:285:19:285:29 | window.name | user-provided value |
| tst.js:296:9:296:9 | p | tst.js:294:26:294:36 | window.name | tst.js:296:9:296:9 | p | Cross-site scripting vulnerability due to $@. | tst.js:294:26:294:36 | window.name | user-provided value |
| tst.js:303:20:303:20 | e | tst.js:301:9:301:16 | location | tst.js:303:20:303:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:301:9:301:16 | location | user-provided value |
| tst.js:311:20:311:20 | e | tst.js:308:10:308:17 | location | tst.js:311:20:311:20 | e | Cross-site scripting vulnerability due to $@. | tst.js:308:10:308:17 | location | user-provided value |
| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | Cross-site scripting vulnerability due to $@. | tst.js:316:35:316:42 | location | user-provided value |

24
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
Просмотреть файл

@ -981,18 +981,6 @@ nodes
| tst.js:288:59:288:65 | tainted |
| tst.js:288:59:288:65 | tainted |
| tst.js:288:59:288:65 | tainted |
| tst.js:293:9:293:16 | obj |
| tst.js:293:9:293:16 | obj |
| tst.js:293:15:293:16 | {} |
| tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name |
| tst.js:294:26:294:36 | window.name |
| tst.js:294:26:294:36 | window.name |
| tst.js:295:19:295:21 | obj |
| tst.js:295:19:295:21 | obj |
| tst.js:296:9:296:9 | p |
| tst.js:296:9:296:9 | p |
| tst.js:296:9:296:9 | p |
| tst.js:301:9:301:16 | location |
| tst.js:301:9:301:16 | location |
| tst.js:302:10:302:10 | e |
@ -2213,18 +2201,6 @@ edges
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted |
| tst.js:293:9:293:16 | obj | tst.js:295:19:295:21 | obj |
| tst.js:293:9:293:16 | obj | tst.js:295:19:295:21 | obj |
| tst.js:293:15:293:16 | {} | tst.js:293:9:293:16 | obj |
| tst.js:293:15:293:16 | {} | tst.js:293:9:293:16 | obj |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:294:26:294:36 | window.name | tst.js:293:15:293:16 | {} |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:295:19:295:21 | obj | tst.js:296:9:296:9 | p |
| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e |
| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e |
| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e |