
Commit 6806bc1

committed
JS: Expand test case
1 parent 5c12780 commit 6806bc1


2 files changed

+11
-0
lines changed


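--- a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected
@@ -37,6 +37,11 @@ nodes
 | tst.js:98:9:98:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo |
+| tst.js:103:9:103:29 | data |
+| tst.js:103:16:103:29 | req.query.data |
+| tst.js:103:16:103:29 | req.query.data |
+| tst.js:104:5:104:8 | data |
+| tst.js:104:5:104:8 | data |
 edges
 | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
 | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
@@ -67,6 +72,10 @@ edges
 | tst.js:90:5:90:12 | data.foo | tst.js:90:5:90:12 | data.foo |
 | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo |
+| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data |
+| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data |
+| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data |
+| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data |
 #select
 | tst.js:6:5:6:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:6:5:6:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter |
 | tst.js:8:5:8:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:8:5:8:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter |
@@ -80,3 +89,4 @@ edges
 | tst.js:90:5:90:12 | data.foo | tst.js:90:5:90:12 | data.foo | tst.js:90:5:90:12 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:90:5:90:12 | data.foo | this HTTP request parameter |
 | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:92:9:92:16 | data.foo | this HTTP request parameter |
 | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:98:9:98:16 | data.foo | this HTTP request parameter |
+| tst.js:104:5:104:8 | data | tst.js:103:16:103:29 | req.query.data | tst.js:104:5:104:8 | data | Potential type confusion as $@ may be either an array or a string. | tst.js:103:16:103:29 | req.query.data | this HTTP request parameter |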

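--- a/javascript/ql/test/query-tests/Security/CWE-843/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-843/tst.js
@@ -101,6 +101,7 @@ express().get('/foo', function (req, res) {
 
 express().get('/foo', function (req, res) {
 let data = req.query.data;
+data.indexOf(); // NOT OK
 if (Array.isArray(data)) {
 data.indexOf(); // OK
 } else {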
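Review bot: The added `data.indexOf(); // NOT OK` on new line 104 gives no reason for the expectation, so a reader has to open the .expected file to learn why this call is flagged while the one two lines below is not. A short rationale on the annotation would make the case self-explanatory, for example `data.indexOf(); // NOT OK: no type check yet, req.query.data may be an array or a string`. The contrast with the call inside the `Array.isArray(data)` guard is the point of the test, and the comment could say so. The handler's body continues past the end of the hunk (the `else` branch is cut off), so whether the string branch is also exercised cannot be judged from here.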
