
Commit d7dab8b

committed
Fixes false positives from commit 42600c9
1 parent 42600c9 commit d7dab8b


2 files changed

+5
-18
lines changed

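--- a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected
+++ b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected
@@ -51,18 +51,10 @@ nodes
 | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted |
-| check-regex.js:58:15:58:42 | baseURL ... tainted |
-| check-regex.js:58:15:58:42 | baseURL ... tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted |
 | check-regex.js:61:15:61:42 | baseURL ... tainted |
 | check-regex.js:61:15:61:42 | baseURL ... tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted |
-| check-regex.js:63:15:63:42 | baseURL ... tainted |
-| check-regex.js:63:15:63:42 | baseURL ... tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted |
 | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted |
@@ -139,18 +131,10 @@ edges
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
 | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted | check-regex.js:58:15:58:42 | baseURL ... tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted | check-regex.js:58:15:58:42 | baseURL ... tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted | check-regex.js:58:15:58:42 | baseURL ... tainted |
-| check-regex.js:58:25:58:42 | req.params.tainted | check-regex.js:58:15:58:42 | baseURL ... tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted |
 | check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted | check-regex.js:63:15:63:42 | baseURL ... tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted | check-regex.js:63:15:63:42 | baseURL ... tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted | check-regex.js:63:15:63:42 | baseURL ... tainted |
-| check-regex.js:63:25:63:42 | req.params.tainted | check-regex.js:63:15:63:42 | baseURL ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
 | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted |
@@ -190,9 +174,7 @@ edges
 | check-regex.js:31:15:31:45 | "test.c ... tainted | check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-regex.js:34:15:34:42 | baseURL ... tainted | check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
 | check-regex.js:41:13:41:43 | "test.c ... tainted | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
-| check-regex.js:58:15:58:42 | baseURL ... tainted | check-regex.js:58:25:58:42 | req.params.tainted | check-regex.js:58:15:58:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
 | check-regex.js:61:15:61:42 | baseURL ... tainted | check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
-| check-regex.js:63:15:63:42 | baseURL ... tainted | check-regex.js:63:25:63:42 | req.params.tainted | check-regex.js:63:15:63:42 | baseURL ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:15:15:15:45 | "test.c ... tainted | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:27:15:27:45 | "test.c ... tainted | check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |
 | check-validator.js:50:15:50:45 | "test.c ... tainted | check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | The URL of this request depends on a user-provided value. |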

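--- a/javascript/ql/test/library-tests/StringOps/RegExpTest/tst.js
+++ b/javascript/ql/test/library-tests/StringOps/RegExpTest/tst.js
@@ -43,6 +43,11 @@ function f(str) {
 let match2 = str.match(regexp);
 if (match2) {}
 if (!match2) {}
+let otherStr = str.match(/.*/)[0];
+console.log(otherStr);
+let otherother = str.matchAll(/.*/)[0];
+if(otherother) {}
+console.log(otherother);
 }
 
 function something() {}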
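Review bot: `str.matchAll(/.*/)[0]` on new line 48 does not model code that can run, because `matchAll` throws a TypeError for a regex without the `g` flag and returns an iterator, so `[0]` is always `undefined`. If the case is meant to cover an indexed match result that must not be treated as a regex test, `let otherother = [...str.matchAll(/.*/g)][0];` is the valid form; if the invalid shape is deliberate, say so in a comment. The added lines also carry no comment on what they pin down, and the page lists no expected-output change for this test directory, so a line such as `// indexing a match result is not a regexp test, so no guard is expected here` would help (that intent is inferred from the commit title). Since SSRF alerts on check-regex.js lines 58 and 63 are dropped in the same commit, it matters that the reader can tell which of these shapes the sanitizer logic is supposed to accept. The body of `f` starts outside the hunk.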
