JS: Update with inline test expectations

github · Jan 24, 2025 · 34e20d4 · 34e20d4
1 parent 3b96450
commit 34e20d4
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 158 deletions.
diff --git a/javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts b/javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts
@@ -4,9 +4,9 @@ import { IsIn } from 'class-validator';
 export class Controller {
   @Get()
   route1(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-    if (Math.random()) return unvalidated; // NOT OK
-    return validatedObj.key; // OK
-  }
+    if (Math.random()) return unvalidated; // $ Alert responseSendArgument
+    return validatedObj.key;  // $ responseSendArgument
+  } // $ routeHandler
 }
 
 class Struct {

diff --git a/javascript/ql/test/library-tests/frameworks/Nest/local/customDecorator.ts b/javascript/ql/test/library-tests/frameworks/Nest/local/customDecorator.ts
@@ -2,7 +2,7 @@ import { Get, createParamDecorator, ExecutionContext } from '@nestjs/common';
 
 export const SneakyQueryParam = createParamDecorator(
   (data: unknown, ctx: ExecutionContext) => {
-    const request = ctx.switchToHttp().getRequest();
+    const request = ctx.switchToHttp().getRequest(); // $ requestSource
     return request.query.sneakyQueryParam;
   },
 );
@@ -16,11 +16,11 @@ export const SafeParam = createParamDecorator(
 export class Controller {
   @Get()
   sneaky(@SneakyQueryParam() value) {
-    return value; // NOT OK
-  }
+    return value; // $ Alert responseSendArgument
+  } // $ routeHandler
 
   @Get()
   safe(@SafeParam() value) {
-    return value; // OK
-  }
+    return value;  // $ responseSendArgument
+  } // $ routeHandler
 }
diff --git a/javascript/ql/test/library-tests/frameworks/Nest/local/customPipe.ts b/javascript/ql/test/library-tests/frameworks/Nest/local/customPipe.ts
@@ -18,33 +18,33 @@ export class CustomPropagatingPipe implements PipeTransform {
 export class Controller {
     @Get()
     sanitizingPipe1(@Query('x', CustomSanitizingPipe) sanitized: number): string {
-        return '' + sanitized; // OK
-    }
+        return '' + sanitized;  // $ responseSendArgument
+    } // $ routeHandler
 
     @Get()
     sanitizingPipe2(@Query('x', new CustomSanitizingPipe()) sanitized: number): string {
-        return '' + sanitized; // OK
-    }
+        return '' + sanitized;  // $ responseSendArgument
+    } // $ routeHandler
 
     @Get()
     @UsePipes(CustomSanitizingPipe)
     sanitizingPipe3(@Query('x') sanitized: number): string {
-        return '' + sanitized; // OK
-    }
+        return '' + sanitized;  // $ responseSendArgument
+    } // $ routeHandler
 
     @Get()
     propagatingPipe1(@Query('x', CustomPropagatingPipe) unsanitized: string): string {
-        return '' + unsanitized; // NOT OK
-    }
+        return '' + unsanitized; // $ Alert responseSendArgument
+    } // $ routeHandler
 
     @Get()
     propagatingPipe2(@Query('x', new CustomPropagatingPipe()) unsanitized: string): string {
-        return '' + unsanitized; // NOT OK
-    }
+        return '' + unsanitized; // $ Alert responseSendArgument
+    } // $ routeHandler
 
     @Get()
     @UsePipes(CustomPropagatingPipe)
     propagatingPipe3(@Query('x') unsanitized: string): string {
-        return '' + unsanitized; // NOT OK
-    }
+        return '' + unsanitized; // $ Alert responseSendArgument
+    } // $ routeHandler
 }
diff --git a/javascript/ql/test/library-tests/frameworks/Nest/local/routes.ts b/javascript/ql/test/library-tests/frameworks/Nest/local/routes.ts
@@ -5,70 +5,70 @@ export class TestController {
   @Get('foo')
   getFoo() {
     return 'foo';
-  }
+  } // $ routeHandler
 
   @Post('foo')
   postFoo() {
     return 'foo';
-  }
+  } // $ routeHandler
 
   @Get()
   getRoot() {
     return 'foo';
-  }
+  } // $ routeHandler
 
   @All('bar')
   bar() {
     return 'bar';
-  }
+  } // $ routeHandler
 
   @Get('requestInputs/:x')
   requestInputs(
     @Param('x') x,
     @Query() queryObj,
     @Query('name') name,
-    @Req() req
+    @Req() req // $ requestSource
   ) {
-    if (Math.random()) return x; // NOT OK
-    if (Math.random()) return queryObj; // NOT OK
-    if (Math.random()) return name; // NOT OK
-    if (Math.random()) return req.query.abc; // NOT OK
+    if (Math.random()) return x; // $ Alert responseSendArgument
+    if (Math.random()) return queryObj; // $ Alert responseSendArgument
+    if (Math.random()) return name; // $ Alert responseSendArgument
+    if (Math.random()) return req.query.abc; // $ Alert responseSendArgument
     return;
-  }
+  } // $ routeHandler
 
   @Post('post')
   post(@Body() body) {
-    return body.x; // NOT OK
-  }
+    return body.x; // $ Alert responseSendArgument
+  } // $ routeHandler
 
   @Get('redir')
   @Redirect('https://example.com')
   redir() {
     return {
-      url: '//other.example.com' // OK
+      url: '//other.example.com'  // $ redirectSink
     };
-  }
+  } // $ routeHandler
 
   @Get('redir')
   @Redirect('https://example.com')
   redir2(@Query('redirect') target) {
     return {
-      url: target // NOT OK
+      url: target // $ Alert redirectSink
     };
-  }
+  } // $ routeHandler
 
   @Get()
-  explicitSend(@Req() req, @Res() res) {
-    res.send(req.query.x) // NOT OK
-  }
+  explicitSend(@Req() req, @Res() res) { // $ requestSource responseSource
+    res.send(req.query.x) // $ Alert responseSource responseSendArgument
+  } // $ routeHandler
 
   @Post()
   upload(@UploadedFile() file) {
-    return file.originalname; // NOT OK
-  }
+    return file.originalname; // $ Alert responseSendArgument
+  } // $ routeHandler
 
   @Post()
   uploadMany(@UploadedFiles() files) {
-    return files[0].originalname; // NOT OK
-  }
+    return files[0].originalname; // $ Alert responseSendArgument
+  } // $ routeHandler
 }
diff --git a/javascript/ql/test/library-tests/frameworks/Nest/local/validation.ts b/javascript/ql/test/library-tests/frameworks/Nest/local/validation.ts
@@ -4,45 +4,45 @@ import { IsIn } from 'class-validator';
 export class Controller {
   @Get()
   route1(@Query('x', new ValidationPipe()) validatedObj: Struct) {
-    return validatedObj.key; // OK
-  }
+    return validatedObj.key;  // $ responseSendArgument
+  } // $ routeHandler
 
   @Get()
   route2(@Query('x', ValidationPipe) validatedObj: Struct) {
-    return validatedObj.key; // OK
-  }
+    return validatedObj.key;  // $ responseSendArgument
+  } // $ routeHandler
 
   @Get()
   @UsePipes(new ValidationPipe())
   route3(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-    if (Math.random()) return validatedObj.key; // OK
-    return unvalidated; // NOT OK
-  }
+    if (Math.random()) return validatedObj.key;  // $ responseSendArgument
+    return unvalidated; // $ Alert responseSendArgument
+  } // $ routeHandler
 
   @Get()
   @UsePipes(ValidationPipe)
   route4(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-    if (Math.random()) return validatedObj.key; // OK
-    return unvalidated; // NOT OK
-  }
+    if (Math.random()) return validatedObj.key;  // $ responseSendArgument
+    return unvalidated; // $ Alert responseSendArgument
+  } // $ routeHandler
 }
 
 @UsePipes(new ValidationPipe())
 export class Controller2 {
   @Get()
   route5(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-    if (Math.random()) return validatedObj.key; // OK
-    return unvalidated; // NOT OK
-  }
+    if (Math.random()) return validatedObj.key;  // $ responseSendArgument
+    return unvalidated; // $ Alert responseSendArgument
+  } // $ routeHandler
 }
 
 @UsePipes(ValidationPipe)
 export class Controller3 {
   @Get()
   route6(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-    if (Math.random()) return validatedObj.key; // OK
-    return unvalidated; // NOT OK
-  }
+    if (Math.random()) return validatedObj.key;  // $ responseSendArgument
+    return unvalidated; // $ Alert responseSendArgument
+  } // $ routeHandler
 }
 
 class Struct {

diff --git a/javascript/ql/test/library-tests/frameworks/Nest/test.expected b/javascript/ql/test/library-tests/frameworks/Nest/test.expected
@@ -1,6 +1,37 @@
-redirectSink
-| local/routes.ts:48:12:48:32 | '//othe ... le.com' |
-| local/routes.ts:56:12:56:17 | target |
+routeHandler
+| global/validation.ts:6:3:9:3 | route1( ... ent\\n  } |
+| local/customDecorator.ts:18:3:20:3 | sneaky( ... ent\\n  } |
+| local/customDecorator.ts:23:3:25:3 | safe(@S ... ent\\n  } |
+| local/customPipe.ts:20:5:22:5 | sanitiz ... t\\n    } |
+| local/customPipe.ts:25:5:27:5 | sanitiz ... t\\n    } |
+| local/customPipe.ts:31:5:33:5 | sanitiz ... t\\n    } |
+| local/customPipe.ts:36:5:38:5 | propaga ... t\\n    } |
+| local/customPipe.ts:41:5:43:5 | propaga ... t\\n    } |
+| local/customPipe.ts:47:5:49:5 | propaga ... t\\n    } |
+| local/routes.ts:6:3:8:3 | getFoo( ... o';\\n  } |
+| local/routes.ts:11:3:13:3 | postFoo ... o';\\n  } |
+| local/routes.ts:16:3:18:3 | getRoot ... o';\\n  } |
+| local/routes.ts:21:3:23:3 | bar() { ... r';\\n  } |
+| local/routes.ts:26:3:37:3 | request ... rn;\\n  } |
+| local/routes.ts:40:3:42:3 | post(@B ... ent\\n  } |
+| local/routes.ts:46:3:50:3 | redir() ...  };\\n  } |
+| local/routes.ts:54:3:58:3 | redir2( ...  };\\n  } |
+| local/routes.ts:61:3:63:3 | explici ... ent\\n  } |
+| local/routes.ts:66:3:68:3 | upload( ... ent\\n  } |
+| local/routes.ts:71:3:73:3 | uploadM ... ent\\n  } |
+| local/validation.ts:6:3:8:3 | route1( ... ent\\n  } |
+| local/validation.ts:11:3:13:3 | route2( ... ent\\n  } |
+| local/validation.ts:17:3:20:3 | route3( ... ent\\n  } |
+| local/validation.ts:24:3:27:3 | route4( ... ent\\n  } |
+| local/validation.ts:33:3:36:3 | route5( ... ent\\n  } |
+| local/validation.ts:42:3:45:3 | route6( ... ent\\n  } |
+requestSource
+| local/customDecorator.ts:5:21:5:51 | ctx.swi ... quest() |
+| local/routes.ts:30:12:30:14 | req |
+| local/routes.ts:61:23:61:25 | req |
+responseSource
+| local/routes.ts:61:35:61:37 | res |
+| local/routes.ts:62:5:62:25 | res.sen ... uery.x) |
 requestInputAccess
 | body | local/routes.ts:40:16:40:19 | body |
 | body | local/routes.ts:66:26:66:29 | file |
@@ -26,10 +57,6 @@ requestInputAccess
 | parameter | local/validation.ts:33:56:33:66 | unvalidated |
 | parameter | local/validation.ts:42:22:42:33 | validatedObj |
 | parameter | local/validation.ts:42:56:42:66 | unvalidated |
-requestSource
-| local/customDecorator.ts:5:21:5:51 | ctx.swi ... quest() |
-| local/routes.ts:30:12:30:14 | req |
-| local/routes.ts:61:23:61:25 | req |
 responseSendArgument
 | global/validation.ts:7:31:7:41 | unvalidated |
 | global/validation.ts:8:12:8:27 | validatedObj.key |
@@ -59,95 +86,6 @@ responseSendArgument
 | local/validation.ts:35:12:35:22 | unvalidated |
 | local/validation.ts:43:31:43:46 | validatedObj.key |
 | local/validation.ts:44:12:44:22 | unvalidated |
-responseSource
-| local/routes.ts:61:35:61:37 | res |
-| local/routes.ts:62:5:62:25 | res.sen ... uery.x) |
-routeHandler
-| global/validation.ts:6:3:9:3 | route1( ...  OK\\n  } |
-| local/customDecorator.ts:18:3:20:3 | sneaky( ...  OK\\n  } |
-| local/customDecorator.ts:23:3:25:3 | safe(@S ...  OK\\n  } |
-| local/customPipe.ts:20:5:22:5 | sanitiz ... K\\n    } |
-| local/customPipe.ts:25:5:27:5 | sanitiz ... K\\n    } |
-| local/customPipe.ts:31:5:33:5 | sanitiz ... K\\n    } |
-| local/customPipe.ts:36:5:38:5 | propaga ... K\\n    } |
-| local/customPipe.ts:41:5:43:5 | propaga ... K\\n    } |
-| local/customPipe.ts:47:5:49:5 | propaga ... K\\n    } |
-| local/routes.ts:6:3:8:3 | getFoo( ... o';\\n  } |
-| local/routes.ts:11:3:13:3 | postFoo ... o';\\n  } |
-| local/routes.ts:16:3:18:3 | getRoot ... o';\\n  } |
-| local/routes.ts:21:3:23:3 | bar() { ... r';\\n  } |
-| local/routes.ts:26:3:37:3 | request ... rn;\\n  } |
-| local/routes.ts:40:3:42:3 | post(@B ...  OK\\n  } |
-| local/routes.ts:46:3:50:3 | redir() ...  };\\n  } |
-| local/routes.ts:54:3:58:3 | redir2( ...  };\\n  } |
-| local/routes.ts:61:3:63:3 | explici ...  OK\\n  } |
-| local/routes.ts:66:3:68:3 | upload( ...  OK\\n  } |
-| local/routes.ts:71:3:73:3 | uploadM ...  OK\\n  } |
-| local/validation.ts:6:3:8:3 | route1( ...  OK\\n  } |
-| local/validation.ts:11:3:13:3 | route2( ...  OK\\n  } |
-| local/validation.ts:17:3:20:3 | route3( ...  OK\\n  } |
-| local/validation.ts:24:3:27:3 | route4( ...  OK\\n  } |
-| local/validation.ts:33:3:36:3 | route5( ...  OK\\n  } |
-| local/validation.ts:42:3:45:3 | route6( ...  OK\\n  } |
-testFailures
-| global/validation.ts:6:3:9:3 |  | Unexpected result: routeHandler |
-| global/validation.ts:7:31:7:41 |  | Unexpected result: responseSendArgument |
-| global/validation.ts:8:12:8:27 |  | Unexpected result: responseSendArgument |
-| local/customDecorator.ts:5:21:5:51 |  | Unexpected result: requestSource |
-| local/customDecorator.ts:18:3:20:3 |  | Unexpected result: routeHandler |
-| local/customDecorator.ts:19:12:19:16 |  | Unexpected result: responseSendArgument |
-| local/customDecorator.ts:23:3:25:3 |  | Unexpected result: routeHandler |
-| local/customDecorator.ts:24:12:24:16 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:20:5:22:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:21:16:21:29 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:25:5:27:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:26:16:26:29 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:31:5:33:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:32:16:32:29 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:36:5:38:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:37:16:37:31 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:41:5:43:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:42:16:42:31 |  | Unexpected result: responseSendArgument |
-| local/customPipe.ts:47:5:49:5 |  | Unexpected result: routeHandler |
-| local/customPipe.ts:48:16:48:31 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:6:3:8:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:11:3:13:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:16:3:18:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:21:3:23:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:26:3:37:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:30:12:30:14 |  | Unexpected result: requestSource |
-| local/routes.ts:32:31:32:31 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:33:31:33:38 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:34:31:34:34 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:35:31:35:43 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:40:3:42:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:41:12:41:17 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:46:3:50:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:48:12:48:32 |  | Unexpected result: redirectSink |
-| local/routes.ts:54:3:58:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:56:12:56:17 |  | Unexpected result: redirectSink |
-| local/routes.ts:61:3:63:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:61:23:61:25 |  | Unexpected result: requestSource |
-| local/routes.ts:61:35:61:37 |  | Unexpected result: responseSource |
-| local/routes.ts:62:5:62:25 |  | Unexpected result: responseSource |
-| local/routes.ts:62:14:62:24 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:66:3:68:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:67:12:67:28 |  | Unexpected result: responseSendArgument |
-| local/routes.ts:71:3:73:3 |  | Unexpected result: routeHandler |
-| local/routes.ts:72:12:72:32 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:6:3:8:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:7:12:7:27 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:11:3:13:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:12:12:12:27 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:17:3:20:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:18:31:18:46 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:19:12:19:22 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:24:3:27:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:25:31:25:46 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:26:12:26:22 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:33:3:36:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:34:31:34:46 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:35:12:35:22 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:42:3:45:3 |  | Unexpected result: routeHandler |
-| local/validation.ts:43:31:43:46 |  | Unexpected result: responseSendArgument |
-| local/validation.ts:44:12:44:22 |  | Unexpected result: responseSendArgument |
+redirectSink
+| local/routes.ts:48:12:48:32 | '//othe ... le.com' |
+| local/routes.ts:56:12:56:17 | target |