Skip to content

Commit ad5abc6

Browse files
committed
JS: Move typed test into separate test
1 parent ea446f2 commit ad5abc6

21 files changed

+24
-15
lines changed

javascript/ql/test/query-tests/Security/CWE-089/tsconfig.json

Lines changed: 0 additions & 1 deletion
This file was deleted.
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
nodes
2+
| typedClient.ts:13:7:13:32 | v |
3+
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
4+
| typedClient.ts:13:22:13:29 | req.body |
5+
| typedClient.ts:13:22:13:31 | req.body.x |
6+
| typedClient.ts:14:24:14:32 | { id: v } |
7+
| typedClient.ts:14:30:14:30 | v |
8+
edges
9+
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
10+
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
11+
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
12+
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
13+
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
14+
#select
15+
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.qlref renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.qlref

File renamed without changes.

javascript/ql/test/query-tests/Security/CWE-089/shim.d.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/shim.d.ts

File renamed without changes.
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
{
2+
"include": ["."],
3+
"compilerOptions": {
4+
"esModuleInterop": true
5+
}
6+
}

javascript/ql/test/query-tests/Security/CWE-089/typedClient.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/typedClient.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
import * as mongodb from "mongodb";
22

3-
import express from 'express';
4-
import bodyParser from 'body-parser';
3+
const express = require('express') as any;
4+
const bodyParser = require('body-parser') as any;
55

66
declare function getCollection(): mongodb.Collection;
77

javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.expected renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -63,12 +63,6 @@ nodes
6363
| tst4.js:8:46:8:60 | $routeParams.id |
6464
| tst.js:10:10:10:64 | 'SELECT ... d + '"' |
6565
| tst.js:10:46:10:58 | req.params.id |
66-
| typedClient.ts:13:7:13:32 | v |
67-
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
68-
| typedClient.ts:13:22:13:29 | req.body |
69-
| typedClient.ts:13:22:13:31 | req.body.x |
70-
| typedClient.ts:14:24:14:32 | { id: v } |
71-
| typedClient.ts:14:30:14:30 | v |
7266
edges
7367
| mongodb.js:12:11:12:20 | query | mongodb.js:14:59:14:58 | query |
7468
| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
@@ -162,11 +156,6 @@ edges
162156
| tst.js:10:10:10:58 | 'SELECT ... rams.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
163157
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:58 | 'SELECT ... rams.id |
164158
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
165-
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
166-
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
167-
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
168-
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
169-
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
170159
#select
171160
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
172161
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
@@ -193,4 +182,3 @@ edges
193182
| tst3.js:10:14:10:19 | query1 | tst3.js:9:16:9:34 | req.params.category | tst3.js:10:14:10:19 | query1 | This query depends on $@. | tst3.js:9:16:9:34 | req.params.category | a user-provided value |
194183
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
195184
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
196-
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Security/CWE-089/SqlInjection.ql

javascript/ql/test/query-tests/Security/CWE-089/mongodb.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb.js

File renamed without changes.

javascript/ql/test/query-tests/Security/CWE-089/mongodb_bodySafe.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb_bodySafe.js

File renamed without changes.

0 commit comments

Comments
 (0)