
Commit 94814fa

committed
fix typos in the test
1 parent d765a33 commit 94814fa


2 files changed

+82
-34
lines changed


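--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -1282,16 +1282,40 @@ nodes
 | normalizedPaths.js:262:21:262:24 | path |
 | normalizedPaths.js:262:21:262:24 | path |
 | normalizedPaths.js:262:21:262:24 | path |
-| normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:278:21:278:24 | path |
+| normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:278:21:278:27 | newpath |
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-require.js:7:19:7:37 | req.param("module") |
@@ -3679,22 +3703,14 @@ edges
 | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path |
 | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path |
 | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:270:21:270:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
-| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:278:21:278:24 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path |
+| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path |
 | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path |
 | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path |
 | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path |
@@ -3707,6 +3723,38 @@ edges
 | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) |
 | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) |
 | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath |
+| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath |
+| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
+| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) |
 | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") |
 | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") |
@@ -4490,8 +4538,8 @@ edges
 | normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on $@. | normalizedPaths.js:236:33:236:46 | req.query.path | a user-provided value |
 | normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
 | normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
-| normalizedPaths.js:270:21:270:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:24 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
-| normalizedPaths.js:278:21:278:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:24 | path | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
+| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
+| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on $@. | normalizedPaths.js:254:33:254:46 | req.query.path | a user-provided value |
 | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
 | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | a user-provided value |
 | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | a user-provided value |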

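--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js
@@ -264,18 +264,18 @@ app.get('/relative-startswith', (req, res) => {
 fs.readFileSync(path); // OK!
 }
 
-let newpath = pathModule.normalize(p);
-var relativePath = path.relative(path.normalize(workspaceDir), newpath);
+let newpath = pathModule.normalize(path);
+var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath);
 if (relativePath.indexOf('..' + pathModule.sep) === 0) {
-fs.readFileSync(path); // NOT OK!
+fs.readFileSync(newpath); // NOT OK!
 } else {
 fs.readFileSync(newpath); // OK!
 }
 
-let newpath = pathModule.normalize(p);
-var relativePath = path.relative(path.normalize(workspaceDir), newpath);
+let newpath = pathModule.normalize(path);
+var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath);
 if (relativePath.indexOf('../') === 0) {
-fs.readFileSync(path); // NOT OK!
+fs.readFileSync(newpath); // NOT OK!
 } else {
 fs.readFileSync(newpath); // OK!
 }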
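Review bot: The `// OK!` expectation at new line 280 rests on the hard-coded `'../'` prefix check at line 277, which only matches POSIX separators. On Windows `path.relative()` returns results prefixed with `..\`, so the same guard would not stop a path outside `workspaceDir` from reaching `fs.readFileSync(newpath)`. If the test is meant to pin that the query accepts this guard as a barrier, the line should say so, e.g. `fs.readFileSync(newpath); // OK! (guard is POSIX-only; '..' + pathModule.sep is the portable form)`. Separately, `let newpath` is declared at both line 267 and line 275. The handler starts and ends outside this hunk, but if both declarations sit in the same block a strict parser would reject the redeclaration, and the second could be the plain assignment `newpath = pathModule.normalize(path);` (the columns in `TaintedPath.expected` would then need regenerating).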
