
Commit cf90c83

committed
JS: Accept changes to nodes/edges results
1 parent 3b09bc5 commit cf90c83


5 files changed

+49
-12
lines changed


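--- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
@@ -7,33 +7,52 @@ edges
 | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | provenance | |
 | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | provenance | |
 | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | provenance | |
+| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | provenance | |
+| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | provenance | |
 | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | provenance | |
 | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | |
+| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | |
 | command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | |
+| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | provenance | |
+| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | |
 | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | provenance | |
 | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | provenance | |
 | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | provenance | |
+| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | provenance | |
+| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | provenance | |
+| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | |
+| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | |
+| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | provenance | |
+| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | |
+| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | |
 | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | |
+| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | provenance | |
+| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | |
 | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | provenance | |
 | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | provenance | |
 | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | |
+| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | provenance | |
+| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | |
 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | |
 | command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | |
 | command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | |
+| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | |
 | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | |
 | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | provenance | |
 | command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | |
+| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | provenance | |
+| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | |
 | command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
 | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
 | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | |
@@ -139,19 +158,29 @@ nodes
 | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | semmle.label | process ... lice(2) |
 | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
 | command-line-parameter-command-injection.js:11:14:11:17 | args | semmle.label | args |
+| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | semmle.label | args [ArrayElement] |
 | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | semmle.label | args[0] |
 | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | semmle.label | "cmd.sh " + args[0] |
 | command-line-parameter-command-injection.js:12:26:12:29 | args | semmle.label | args |
+| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | semmle.label | args [ArrayElement] |
+| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | semmle.label | args[0] |
 | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | semmle.label | fewerArgs |
+| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
 | command-line-parameter-command-injection.js:14:18:14:21 | args | semmle.label | args |
 | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | semmle.label | args [ArrayElement] |
 | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | semmle.label | args.slice(1) |
+| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | semmle.label | args.slice(1) [ArrayElement] |
 | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | semmle.label | fewerArgs |
+| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
 | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | semmle.label | fewerArgs[0] |
 | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | semmle.label | "cmd.sh ... Args[0] |
 | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | semmle.label | fewerArgs |
+| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
+| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | semmle.label | fewerArgs[0] |
 | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | semmle.label | arg0 |
 | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | semmle.label | fewerArgs |
+| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
+| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | semmle.label | fewerArgs[0] |
 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | semmle.label | arg0 |
 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 |
 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 |
@@ -162,6 +191,8 @@ nodes
 | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
 | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
 | command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args |
+| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
+| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | semmle.label | args[0] |
 | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
 | command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args |
 | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |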

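--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -545,7 +545,6 @@ nodes
 | tst.js:421:20:421:24 | match | semmle.label | match |
 | tst.js:421:20:421:27 | match[1] | semmle.label | match[1] |
 | tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash |
-| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') |
 | tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] |
 | tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
 | tst.js:428:7:428:39 | target | semmle.label | target |
@@ -1146,13 +1145,8 @@ edges
 | tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | |
 | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | |
 | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
-| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | |
-| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config |
 | tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config |
-| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
-| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
 | tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
-| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
 | tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
 | tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
 | tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |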
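Review bot: The `window. ... it('#')` node at tst.js:424 and five of its edges are removed in this file, so it is worth confirming that the `#select` rows for tst.js:424 are unchanged; the alert rows are not visible in these hunks. The two retained edges, `window.location.hash -> window. ... it('#') [1]` (provenance `Config`) and `window. ... it('#') [1] -> window. ... '#')[1]`, still connect the source to the indexed read, so the DOM XSS path presumably survives with fewer duplicate steps. XssWithAdditionalSources.expected drops the same six rows and needs the same check. Both hunks start and end inside the `nodes` and `edges` tables.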

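--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -550,7 +550,6 @@ nodes
 | tst.js:421:20:421:24 | match | semmle.label | match |
 | tst.js:421:20:421:27 | match[1] | semmle.label | match[1] |
 | tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash |
-| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') |
 | tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] |
 | tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
 | tst.js:428:7:428:39 | target | semmle.label | target |
@@ -1171,13 +1170,8 @@ edges
 | tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | |
 | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | |
 | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
-| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | |
-| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config |
 | tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config |
-| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
-| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
 | tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
-| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
 | tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
 | tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
 | tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |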

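--- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
@@ -42,10 +42,14 @@ nodes
 | tst10.js:14:17:14:56 | 'https: ... .search | semmle.label | 'https: ... .search |
 | tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search |
 | tst12.js:3:9:3:50 | urlParts | semmle.label | urlParts |
+| tst12.js:3:9:3:50 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
 | tst12.js:3:20:3:39 | window.location.hash | semmle.label | window.location.hash |
 | tst12.js:3:20:3:50 | window. ... it('?') | semmle.label | window. ... it('?') |
+| tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | semmle.label | window. ... it('?') [ArrayElement] |
 | tst12.js:4:9:4:45 | loc | semmle.label | loc |
 | tst12.js:4:15:4:22 | urlParts | semmle.label | urlParts |
+| tst12.js:4:15:4:22 | urlParts [ArrayElement] | semmle.label | urlParts [ArrayElement] |
+| tst12.js:4:15:4:25 | urlParts[0] | semmle.label | urlParts[0] |
 | tst12.js:5:23:5:25 | loc | semmle.label | loc |
 | tst13.js:2:9:2:52 | payload | semmle.label | payload |
 | tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search |
@@ -146,10 +150,15 @@ edges
 | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | provenance | |
 | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | provenance | |
 | tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | provenance | |
+| tst12.js:3:9:3:50 | urlParts [ArrayElement] | tst12.js:4:15:4:22 | urlParts [ArrayElement] | provenance | |
 | tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | provenance | |
+| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | provenance | |
 | tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | provenance | |
+| tst12.js:3:20:3:50 | window. ... it('?') [ArrayElement] | tst12.js:3:9:3:50 | urlParts [ArrayElement] | provenance | |
 | tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | provenance | |
 | tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | provenance | |
+| tst12.js:4:15:4:22 | urlParts [ArrayElement] | tst12.js:4:15:4:25 | urlParts[0] | provenance | |
+| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:9:4:45 | loc | provenance | |
 | tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | |
 | tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | |
 | tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | |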
