Skip to content

Commit 7ac30e2

Browse files
asgerfasgerf
committed
JS: Add test for rephinement nodes
1 parent a447645 commit 7ac30e2

File tree

2 files changed

+99
-0
lines changed

2 files changed

+99
-0
lines changed

javascript/ql/test/query-tests/Security/CWE-400/PrototypePollutionUtility.expected

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -779,6 +779,42 @@ nodes
779779
| PrototypePollutionUtility/tests.js:308:28:308:32 | value |
780780
| PrototypePollutionUtility/tests.js:308:28:308:32 | value |
781781
| PrototypePollutionUtility/tests.js:308:28:308:32 | value |
782+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
783+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
784+
| PrototypePollutionUtility/tests.js:314:36:314:38 | src |
785+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key |
786+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key |
787+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key |
788+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value |
789+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value |
790+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value |
791+
| PrototypePollutionUtility/tests.js:318:25:318:27 | src |
792+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
793+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
794+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
795+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
796+
| PrototypePollutionUtility/tests.js:318:29:318:31 | key |
797+
| PrototypePollutionUtility/tests.js:318:29:318:31 | key |
798+
| PrototypePollutionUtility/tests.js:320:38:320:40 | dst |
799+
| PrototypePollutionUtility/tests.js:320:38:320:40 | dst |
800+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
801+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
802+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
803+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
804+
| PrototypePollutionUtility/tests.js:320:42:320:44 | key |
805+
| PrototypePollutionUtility/tests.js:320:42:320:44 | key |
806+
| PrototypePollutionUtility/tests.js:320:48:320:52 | value |
807+
| PrototypePollutionUtility/tests.js:320:48:320:52 | value |
808+
| PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
809+
| PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
810+
| PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
811+
| PrototypePollutionUtility/tests.js:322:21:322:23 | key |
812+
| PrototypePollutionUtility/tests.js:322:21:322:23 | key |
813+
| PrototypePollutionUtility/tests.js:322:21:322:23 | key |
814+
| PrototypePollutionUtility/tests.js:322:28:322:32 | value |
815+
| PrototypePollutionUtility/tests.js:322:28:322:32 | value |
816+
| PrototypePollutionUtility/tests.js:322:28:322:32 | value |
817+
| PrototypePollutionUtility/tests.js:322:28:322:32 | value |
782818
| examples/PrototypePollutionUtility.js:1:16:1:18 | dst |
783819
| examples/PrototypePollutionUtility.js:1:16:1:18 | dst |
784820
| examples/PrototypePollutionUtility.js:1:21:1:23 | src |
@@ -1866,6 +1902,54 @@ edges
18661902
| PrototypePollutionUtility/tests.js:306:38:306:40 | key | PrototypePollutionUtility/tests.js:306:34:306:41 | dst[key] |
18671903
| PrototypePollutionUtility/tests.js:306:44:306:48 | value | PrototypePollutionUtility/tests.js:301:32:301:34 | src |
18681904
| PrototypePollutionUtility/tests.js:306:44:306:48 | value | PrototypePollutionUtility/tests.js:301:32:301:34 | src |
1905+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:320:38:320:40 | dst |
1906+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:320:38:320:40 | dst |
1907+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
1908+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
1909+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
1910+
| PrototypePollutionUtility/tests.js:314:31:314:33 | dst | PrototypePollutionUtility/tests.js:322:17:322:19 | dst |
1911+
| PrototypePollutionUtility/tests.js:314:36:314:38 | src | PrototypePollutionUtility/tests.js:318:25:318:27 | src |
1912+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:318:29:318:31 | key |
1913+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:318:29:318:31 | key |
1914+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:318:29:318:31 | key |
1915+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:318:29:318:31 | key |
1916+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:320:42:320:44 | key |
1917+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:320:42:320:44 | key |
1918+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:320:42:320:44 | key |
1919+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:320:42:320:44 | key |
1920+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1921+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1922+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1923+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1924+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1925+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1926+
| PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:21:322:23 | key |
1927+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:320:48:320:52 | value |
1928+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:320:48:320:52 | value |
1929+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1930+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1931+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1932+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1933+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1934+
| PrototypePollutionUtility/tests.js:318:17:318:32 | value | PrototypePollutionUtility/tests.js:322:28:322:32 | value |
1935+
| PrototypePollutionUtility/tests.js:318:25:318:27 | src | PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
1936+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] | PrototypePollutionUtility/tests.js:318:17:318:32 | value |
1937+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] | PrototypePollutionUtility/tests.js:318:17:318:32 | value |
1938+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] | PrototypePollutionUtility/tests.js:318:17:318:32 | value |
1939+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] | PrototypePollutionUtility/tests.js:318:17:318:32 | value |
1940+
| PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] | PrototypePollutionUtility/tests.js:318:17:318:32 | value |
1941+
| PrototypePollutionUtility/tests.js:318:29:318:31 | key | PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
1942+
| PrototypePollutionUtility/tests.js:318:29:318:31 | key | PrototypePollutionUtility/tests.js:318:25:318:32 | src[key] |
1943+
| PrototypePollutionUtility/tests.js:320:38:320:40 | dst | PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
1944+
| PrototypePollutionUtility/tests.js:320:38:320:40 | dst | PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
1945+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] | PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
1946+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] | PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
1947+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] | PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
1948+
| PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] | PrototypePollutionUtility/tests.js:314:31:314:33 | dst |
1949+
| PrototypePollutionUtility/tests.js:320:42:320:44 | key | PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
1950+
| PrototypePollutionUtility/tests.js:320:42:320:44 | key | PrototypePollutionUtility/tests.js:320:38:320:45 | dst[key] |
1951+
| PrototypePollutionUtility/tests.js:320:48:320:52 | value | PrototypePollutionUtility/tests.js:314:36:314:38 | src |
1952+
| PrototypePollutionUtility/tests.js:320:48:320:52 | value | PrototypePollutionUtility/tests.js:314:36:314:38 | src |
18691953
| examples/PrototypePollutionUtility.js:1:16:1:18 | dst | examples/PrototypePollutionUtility.js:5:19:5:21 | dst |
18701954
| examples/PrototypePollutionUtility.js:1:16:1:18 | dst | examples/PrototypePollutionUtility.js:5:19:5:21 | dst |
18711955
| examples/PrototypePollutionUtility.js:1:16:1:18 | dst | examples/PrototypePollutionUtility.js:7:13:7:15 | dst |
@@ -1984,4 +2068,5 @@ edges
19842068
| PrototypePollutionUtility/tests.js:270:13:270:15 | dst | PrototypePollutionUtility/tests.js:265:19:265:26 | entry[0] | PrototypePollutionUtility/tests.js:270:13:270:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:264:20:264:22 | src | src | PrototypePollutionUtility/tests.js:270:13:270:15 | dst | dst |
19852069
| PrototypePollutionUtility/tests.js:280:13:280:15 | dst | PrototypePollutionUtility/tests.js:276:34:276:36 | key | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:276:21:276:23 | src | src | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | dst |
19862070
| PrototypePollutionUtility/tests.js:308:17:308:19 | dst | PrototypePollutionUtility/tests.js:302:14:302:16 | key | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:302:21:302:23 | src | src | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | dst |
2071+
| PrototypePollutionUtility/tests.js:322:17:322:19 | dst | PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:17:322:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:315:21:315:23 | src | src | PrototypePollutionUtility/tests.js:322:17:322:19 | dst | dst |
19872072
| examples/PrototypePollutionUtility.js:7:13:7:15 | dst | examples/PrototypePollutionUtility.js:2:14:2:16 | key | examples/PrototypePollutionUtility.js:7:13:7:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | examples/PrototypePollutionUtility.js:2:21:2:23 | src | src | examples/PrototypePollutionUtility.js:7:13:7:15 | dst | dst |

javascript/ql/test/query-tests/Security/CWE-400/PrototypePollutionUtility/tests.js

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -310,3 +310,17 @@ function typeofObjectTest(dst, src) {
310310
}
311311
}
312312
}
313+
314+
function mergeRephinementNode(dst, src) {
315+
for (let key in src) {
316+
if (src.hasOwnProperty(key)) {
317+
if (key === key && key === key) continue; // Create a phi-node of refinement nodes
318+
let value = src[key];
319+
if (dst[key] && typeof value === 'object') {
320+
mergeRephinementNode(dst[key], value);
321+
} else {
322+
dst[key] = value; // NOT OK
323+
}
324+
}
325+
}
326+
}

0 commit comments

Comments
 (0)