Skip to content

Commit bd3fccd

Browse files
asgerfasgerf
committed
JS: Update test output with provenance column
1 parent 20df5ad commit bd3fccd

File tree

10 files changed

+1072
-1072
lines changed

10 files changed

+1072
-1072
lines changed

javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected

Lines changed: 111 additions & 111 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
edges
2-
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
3-
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
4-
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
5-
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
6-
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
7-
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
2+
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | provenance | |
3+
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | provenance | |
4+
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | provenance | |
5+
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | provenance | |
6+
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | provenance | |
7+
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | provenance | |
88
nodes
99
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
1010
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |

javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected

Lines changed: 140 additions & 140 deletions
Large diffs are not rendered by default.

javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,30 @@
11
edges
2-
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev |
3-
| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message |
4-
| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message |
5-
| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data |
6-
| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) |
7-
| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name |
8-
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] |
9-
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev |
10-
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev |
11-
| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message |
12-
| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message |
13-
| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message |
14-
| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message |
15-
| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message |
16-
| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data |
17-
| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) |
18-
| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name |
19-
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] |
20-
| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name |
21-
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] |
22-
| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name |
23-
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] |
24-
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] |
25-
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] |
26-
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name |
27-
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name |
2+
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | |
3+
| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | |
4+
| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | |
5+
| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | |
6+
| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | |
7+
| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | |
8+
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | |
9+
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | |
10+
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | |
11+
| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | |
12+
| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | provenance | |
13+
| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | |
14+
| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | |
15+
| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | |
16+
| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | |
17+
| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | |
18+
| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | |
19+
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | |
20+
| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | |
21+
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | |
22+
| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | |
23+
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | |
24+
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | |
25+
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | |
26+
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | |
27+
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | |
2828
nodes
2929
| example.js:9:37:9:38 | ev | semmle.label | ev |
3030
| example.js:10:9:10:37 | message | semmle.label | message |

javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
edges
2-
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] |
3-
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] |
4-
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] |
5-
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] |
6-
| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data |
7-
| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo |
2+
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] | provenance | |
3+
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | |
4+
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | provenance | |
5+
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | |
6+
| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | |
7+
| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | |
88
nodes
99
| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password |
1010
| PostMessageStar2.js:4:7:4:15 | data [foo] | semmle.label | data [foo] |

javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
edges
2-
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
3-
| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText |
4-
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
2+
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | provenance | |
3+
| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | provenance | |
4+
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | provenance | |
55
nodes
66
| tst.js:3:5:3:24 | secretText | semmle.label | secretText |
77
| tst.js:3:18:3:24 | trusted | semmle.label | trusted |

javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected

Lines changed: 32 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,36 @@
11
edges
2-
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
3-
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix |
4-
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
5-
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix |
6-
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix |
7-
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
8-
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
9-
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
10-
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
11-
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
12-
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand |
13-
| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand |
14-
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 |
15-
| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) |
16-
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat |
17-
| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat |
18-
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() |
19-
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() |
20-
| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret |
21-
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
22-
| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 |
23-
| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) |
24-
| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 |
25-
| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) |
26-
| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 |
27-
| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) |
28-
| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 |
29-
| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) |
30-
| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password |
31-
| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] |
32-
| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length |
33-
| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) |
2+
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | |
3+
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | |
4+
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | |
5+
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | |
6+
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | |
7+
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | |
8+
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | |
9+
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | |
10+
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | |
11+
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | |
12+
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | |
13+
| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | |
14+
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | |
15+
| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | |
16+
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | |
17+
| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | provenance | |
18+
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | |
19+
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | |
20+
| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | |
21+
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | |
22+
| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | |
23+
| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | |
24+
| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | |
25+
| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | |
26+
| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | |
27+
| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | |
28+
| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | |
29+
| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | |
30+
| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | |
31+
| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | |
32+
| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | |
33+
| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | |
3434
nodes
3535
| tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() |
3636
| tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() |

0 commit comments

Comments
 (0)