From f87f6c85569197b3c5f3992d44c0ba4788426fdb Mon Sep 17 00:00:00 2001
From: Asger F
Date: Mon, 17 Apr 2023 12:14:56 +0200
Subject: [PATCH] JS: Add test to unsafe jquery plugin

---
 .../ConsistencyUnsafeJQueryPlugin.expected | 1 +
 .../UnsafeJQueryPlugin.expected | 17 +++++++++++++++++
 .../UnsafeJQueryPlugin/unsafe-jquery-plugin.js | 12 +++++++++++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected
index e69de29bb2d..2925e8cb354 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.expected
@@ -0,0 +1 @@
+| query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:199 | did not expect an alert, but found an alert for UnsafeJQueryPlugin | OK | |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected
index 23a7d82ca14..b07f6b561d9 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected
@@ -127,6 +127,13 @@ nodes
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
+| unsafe-jquery-plugin.js:196:33:196:39 | options |
+| unsafe-jquery-plugin.js:196:33:196:39 | options |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} |
+| unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:202:4:202:10 | options |
 edges
 | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
 | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
@@ -256,6 +263,15 @@ edges
 | unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of |
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
 | unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
+| unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:202:4:202:10 | options |
+| unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:202:4:202:10 | options |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} | unsafe-jquery-plugin.js:199:8:199:11 | this |
+| unsafe-jquery-plugin.js:202:4:202:10 | options | unsafe-jquery-plugin.js:197:3:203:3 | $.exten ... ns,\\n\\t\\t) |
+| unsafe-jquery-plugin.js:202:4:202:10 | options | unsafe-jquery-plugin.js:197:12:201:4 | {\\n\\t\\t\\t\\tf ... \\t}\\n\\t\\t\\t} |
 #select
 | unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
@@ -280,3 +296,4 @@ edges
 | unsafe-jquery-plugin.js:170:6:170:11 | target | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:170:6:170:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:160:19:173:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
 | unsafe-jquery-plugin.js:192:19:192:28 | options.of | unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:192:19:192:28 | options.of | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:185:18:194:2 | functio ... et);\\n\\t} | '$.fn.position' plugin |
+| unsafe-jquery-plugin.js:199:8:199:11 | this | unsafe-jquery-plugin.js:196:33:196:39 | options | unsafe-jquery-plugin.js:199:8:199:11 | this | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:196:23:204:2 | functio ... \\t\\t);\\n\\t} | '$.fn.blockReceiver' plugin |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
index b695c57fab8..bda981fe2b7 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
@@ -188,8 +188,18 @@
 }
 // extending options
 options = $.extend( {}, options );
-
+
 var target = $( options.of ); // NOT OK
 console.log(target);
 };
+
+ $.fn.blockReceiver = function( options ) {
+ $.extend({
+ foo() {
+ $(this); // OK
+ }
+ },
+ options,
+ );
+ };
 });
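Review bot: The `// OK` on `$(this);` in the new `$.fn.blockReceiver` test does not say why the call is considered safe, while the consistency expectation added in the same commit records that the query still alerts at this line, so the test pins a known false positive rather than a passing case. A comment stating the intent would help whoever later fixes the query, e.g. `$(this); // OK - 'this' is presumably the $.extend target object, not a selector string derived from options`. The hunk also rewrites the blank line after `options = $.extend( {}, options );` (apparently only a trailing-whitespace change, as far as the collapsed patch shows), which is unrelated to the test being added. The callback closed by the final `});` begins outside this hunk.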