Skip to content

Commit 2e2181b

Browse files
asgerfasgerf
committed
JS: Update test output that only affects nodes/edges/subpaths
1 parent 3e196f8 commit 2e2181b

File tree

15 files changed

+244
-38
lines changed

15 files changed

+244
-38
lines changed

javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@ edges
1414
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | |
1515
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | |
1616
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
17-
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
1817
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | provenance | |
1918
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | |
2019
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | provenance | |

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected

Lines changed: 19 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ edges
1616
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | |
1717
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | |
1818
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
19+
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
1920
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | |
2021
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
2122
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
@@ -26,12 +27,18 @@ edges
2627
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | |
2728
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | |
2829
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | |
29-
| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
30+
| child_process-test.js:46:9:46:17 | args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | |
31+
| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:46:9:46:17 | args [1] | provenance | |
32+
| child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance | |
33+
| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args [1] | provenance | |
34+
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
3035
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
31-
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
32-
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | provenance | |
36+
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | provenance | |
3337
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | |
38+
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | |
3439
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | |
40+
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | provenance | |
41+
| child_process-test.js:66:19:66:22 | args [1] | child_process-test.js:66:19:66:22 | args | provenance | |
3542
| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | |
3643
| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | |
3744
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | |
@@ -46,26 +53,18 @@ edges
4653
| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | |
4754
| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | |
4855
| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | |
49-
| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | provenance | |
50-
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | provenance | |
5156
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | |
5257
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
5358
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
54-
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | execSeries.js:6:14:6:16 | arr | provenance | |
55-
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | provenance | |
5659
| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | |
5760
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | |
58-
| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | provenance | |
5961
| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | |
60-
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | provenance | |
6162
| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | |
6263
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | |
6364
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | |
6465
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | |
6566
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | provenance | |
66-
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | provenance | |
6767
| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | |
68-
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | provenance | |
6968
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | |
7069
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | |
7170
| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | |
@@ -127,15 +126,22 @@ nodes
127126
| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd |
128127
| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd |
129128
| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd |
129+
| child_process-test.js:46:9:46:17 | args [1] | semmle.label | args [1] |
130+
| child_process-test.js:48:5:48:8 | [post update] args [1] | semmle.label | [post update] args [1] |
131+
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
130132
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
133+
| child_process-test.js:49:15:49:18 | args [1] | semmle.label | args [1] |
131134
| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd |
132135
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) |
133-
| child_process-test.js:56:46:56:57 | ["bar", cmd] | semmle.label | ["bar", cmd] |
136+
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | semmle.label | ['/C', ... , cmd]) [ArrayElement] |
134137
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] |
135138
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
136139
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
137140
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | semmle.label | ['/C', ... at(cmd) |
141+
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | semmle.label | ['/C', ... at(cmd) [ArrayElement] |
138142
| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd |
143+
| child_process-test.js:66:19:66:22 | args | semmle.label | args |
144+
| child_process-test.js:66:19:66:22 | args [1] | semmle.label | args [1] |
139145
| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd |
140146
| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) |
141147
| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url |
@@ -155,23 +161,17 @@ nodes
155161
| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... , true) |
156162
| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url |
157163
| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd |
158-
| execSeries.js:3:20:3:22 | arr | semmle.label | arr |
159164
| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] |
160165
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] |
161-
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | semmle.label | (functi ... );\\n }) [arr] |
162-
| execSeries.js:6:14:6:16 | arr | semmle.label | arr |
163166
| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] |
164167
| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] |
165-
| execSeries.js:13:19:13:26 | commands | semmle.label | commands |
166168
| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] |
167-
| execSeries.js:14:13:14:20 | commands | semmle.label | commands |
168169
| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] |
169170
| execSeries.js:14:24:14:30 | command | semmle.label | command |
170171
| execSeries.js:14:41:14:47 | command | semmle.label | command |
171172
| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd |
172173
| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) |
173174
| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url |
174-
| execSeries.js:19:12:19:16 | [cmd] | semmle.label | [cmd] |
175175
| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] |
176176
| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd |
177177
| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname |
@@ -239,6 +239,7 @@ subpaths
239239
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
240240
| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
241241
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
242+
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
242243
| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value |
243244
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value |
244245
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value |

0 commit comments

Comments
 (0)