JavaScript: Update qhelp example for CleartextStorage.

Max Schaefer · Max Schaefer · commit aebc5bc6c34f · 2019-02-08T08:43:22.000Z
diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.qhelp b/javascript/ql/src/Security/CWE-312/CleartextStorage.qhelp
@@ -35,8 +35,7 @@ causing logged sensitive information to be stored as well.
 
 <example>
 <p>
-The following example code stores user credentials (in this case, their account
-name) in a cookie in plain text:
+The following example code stores user credentials (in this case, their password) in a cookie in plain text:
 </p>
 <sample src="examples/CleartextStorage.js"/>
 <p>
diff --git a/javascript/ql/src/Security/CWE-312/examples/CleartextStorage.js b/javascript/ql/src/Security/CWE-312/examples/CleartextStorage.js
@@ -1,8 +1,8 @@
 var express = require('express');
 
 var app = express();
-app.get('/', function (req, res) {
-  let accountName = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
   // BAD: Setting a cookie value with cleartext sensitive data.
-  res.cookie("AccountName", accountName);
+  res.cookie("password", pw);
 });
diff --git a/javascript/ql/src/Security/CWE-312/examples/CleartextStorageGood.js b/javascript/ql/src/Security/CWE-312/examples/CleartextStorageGood.js
@@ -8,8 +8,8 @@ function encrypt(text){
 }
 
 var app = express();
-app.get('/', function (req, res) {
-  let accountName = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
   // GOOD: Encoding the value before setting it.
-  res.cookie("AccountName", encrypt(accountName));
+  res.cookie("password", encrypt(pw));
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected
@@ -1,11 +1,11 @@
 nodes
-| CleartextStorage2.js:5:7:5:52 | a |
-| CleartextStorage2.js:5:11:5:52 | url.par ... untName |
-| CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a |
-| CleartextStorage2.js:7:36:7:36 | a |
-| CleartextStorage.js:5:7:5:34 | a |
-| CleartextStorage.js:5:11:5:34 | req.par ... tName") |
-| CleartextStorage.js:7:29:7:29 | a |
+| CleartextStorage2.js:5:7:5:58 | pw |
+| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
+| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
+| CleartextStorage2.js:7:33:7:34 | pw |
+| CleartextStorage.js:5:7:5:40 | pw |
+| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
+| CleartextStorage.js:7:26:7:27 | pw |
 | tst-angularjs.js:3:32:3:45 | data1.password |
 | tst-angularjs.js:4:33:4:46 | data2.password |
 | tst-angularjs.js:5:27:5:40 | data3.password |
@@ -15,14 +15,14 @@ nodes
 | tst-webstorage.js:3:20:3:32 | data.password |
 | tst-webstorage.js:4:29:4:41 | data.password |
 edges
-| CleartextStorage2.js:5:7:5:52 | a | CleartextStorage2.js:7:36:7:36 | a |
-| CleartextStorage2.js:5:11:5:52 | url.par ... untName | CleartextStorage2.js:5:7:5:52 | a |
-| CleartextStorage2.js:7:36:7:36 | a | CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a |
-| CleartextStorage.js:5:7:5:34 | a | CleartextStorage.js:7:29:7:29 | a |
-| CleartextStorage.js:5:11:5:34 | req.par ... tName") | CleartextStorage.js:5:7:5:34 | a |
+| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw |
+| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
+| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
+| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
+| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
 #select
-| CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a | CleartextStorage2.js:5:11:5:52 | url.par ... untName | CleartextStorage2.js:7:19:7:36 | 'AccountName=' + a | Sensitive data returned by $@ is stored here. | CleartextStorage2.js:5:11:5:52 | url.par ... untName | an access to AccountName |
-| CleartextStorage.js:7:29:7:29 | a | CleartextStorage.js:5:11:5:34 | req.par ... tName") | CleartextStorage.js:7:29:7:29 | a | Sensitive data returned by $@ is stored here. | CleartextStorage.js:5:11:5:34 | req.par ... tName") | a call to param |
+| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | Sensitive data returned by $@ is stored here. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password |
+| CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | Sensitive data returned by $@ is stored here. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |
 | tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:3:32:3:45 | data1.password | an access to password |
 | tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:4:33:4:46 | data2.password | an access to password |
 | tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | Sensitive data returned by $@ is stored here. | tst-angularjs.js:5:27:5:40 | data3.password | an access to password |
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.js b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.js
@@ -1,8 +1,8 @@
 var express = require('express');
 
 var app = express();
-app.get('/', function (req, res) {
-  let a = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
   // BAD: Setting a cookie value with cleartext sensitive data.
-  res.cookie("AccountName", a);
+  res.cookie("password", pw);
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage2.js b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage2.js
@@ -2,9 +2,9 @@ var https = require('https');
 var url = require('url');
 
 var server = https.createServer(function(req, res) {
-  let a = url.parse(req.url, true).query.AccountName;
+  let pw = url.parse(req.url, true).query.current_password;
   res.writeHead(200, {
-    'Set-Cookie': 'AccountName=' + a,
+    'Set-Cookie': 'password=' + pw,
     'Content-Type': 'text/plain'
   });
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorageGood.js b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorageGood.js
@@ -8,8 +8,8 @@ function encrypt(text){
 }
 
 var app = express();
-app.get('/', function (req, res) {
-  let accountName = req.param("AccountName");
+app.get('/remember-password', function (req, res) {
+  let pw = req.param("current_password");
   // GOOD: Encoding the value before setting it.
-  res.cookie("AccountName", encrypt(accountName));
+  res.cookie("password", encrypt(pw));
 });
