
Commit 34e20d4

committed
JS: Update with inline test expectations
1 parent 3b96450 commit 34e20d4


6 files changed

+96
-158
lines changed


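--- a/javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts
+++ b/javascript/ql/test/library-tests/frameworks/Nest/global/validation.ts
@@ -4,9 +4,9 @@ import { IsIn } from 'class-validator';
 export class Controller {
 @Get()
 route1(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-if (Math.random()) return unvalidated; // NOT OK
-return validatedObj.key; // OK
-}
+if (Math.random()) return unvalidated; // $ Alert responseSendArgument
+return validatedObj.key; // $ responseSendArgument
+} // $ routeHandler
 }
 
 class Struct {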
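Review bot: The `Alert` tag added on line 7 (`return unvalidated; // $ Alert responseSendArgument`) has no matching result set in the expected output touched by this commit, which lists only routeHandler, requestSource, responseSource, requestInputAccess, responseSendArgument and redirectSink. It is presumably read by a separate query or consistency test that is not visible here; if nothing consumes it, the flagged/not-flagged distinction that `// NOT OK` and `// OK` expressed for the unvalidated and validated query parameters is no longer checked by anything. The same applies to every former `// NOT OK` line in local/customDecorator.ts, local/customPipe.ts, local/routes.ts and local/validation.ts. Please confirm which test verifies `Alert` and name it in the commit message. The `Controller` and `Struct` classes continue outside the hunk.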

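--- a/javascript/ql/test/library-tests/frameworks/Nest/local/customDecorator.ts
+++ b/javascript/ql/test/library-tests/frameworks/Nest/local/customDecorator.ts
@@ -2,7 +2,7 @@ import { Get, createParamDecorator, ExecutionContext } from '@nestjs/common';
 
 export const SneakyQueryParam = createParamDecorator(
 (data: unknown, ctx: ExecutionContext) => {
-const request = ctx.switchToHttp().getRequest();
+const request = ctx.switchToHttp().getRequest(); // $ requestSource
 return request.query.sneakyQueryParam;
 },
 );
@@ -16,11 +16,11 @@ export const SafeParam = createParamDecorator(
 export class Controller {
 @Get()
 sneaky(@SneakyQueryParam() value) {
-return value; // NOT OK
-}
+return value; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Get()
 safe(@SafeParam() value) {
-return value; // OK
-}
+return value; // $ responseSendArgument
+} // $ routeHandler
 }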

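--- a/javascript/ql/test/library-tests/frameworks/Nest/local/customPipe.ts
+++ b/javascript/ql/test/library-tests/frameworks/Nest/local/customPipe.ts
@@ -18,33 +18,33 @@ export class CustomPropagatingPipe implements PipeTransform {
 export class Controller {
 @Get()
 sanitizingPipe1(@Query('x', CustomSanitizingPipe) sanitized: number): string {
-return '' + sanitized; // OK
-}
+return '' + sanitized; // $ responseSendArgument
+} // $ routeHandler
 
 @Get()
 sanitizingPipe2(@Query('x', new CustomSanitizingPipe()) sanitized: number): string {
-return '' + sanitized; // OK
-}
+return '' + sanitized; // $ responseSendArgument
+} // $ routeHandler
 
 @Get()
 @UsePipes(CustomSanitizingPipe)
 sanitizingPipe3(@Query('x') sanitized: number): string {
-return '' + sanitized; // OK
-}
+return '' + sanitized; // $ responseSendArgument
+} // $ routeHandler
 
 @Get()
 propagatingPipe1(@Query('x', CustomPropagatingPipe) unsanitized: string): string {
-return '' + unsanitized; // NOT OK
-}
+return '' + unsanitized; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Get()
 propagatingPipe2(@Query('x', new CustomPropagatingPipe()) unsanitized: string): string {
-return '' + unsanitized; // NOT OK
-}
+return '' + unsanitized; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Get()
 @UsePipes(CustomPropagatingPipe)
 propagatingPipe3(@Query('x') unsanitized: string): string {
-return '' + unsanitized; // NOT OK
-}
+return '' + unsanitized; // $ Alert responseSendArgument
+} // $ routeHandler
 }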

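--- a/javascript/ql/test/library-tests/frameworks/Nest/local/routes.ts
+++ b/javascript/ql/test/library-tests/frameworks/Nest/local/routes.ts
@@ -5,70 +5,70 @@ export class TestController {
 @Get('foo')
 getFoo() {
 return 'foo';
-}
+} // $ routeHandler
 
 @Post('foo')
 postFoo() {
 return 'foo';
-}
+} // $ routeHandler
 
 @Get()
 getRoot() {
 return 'foo';
-}
+} // $ routeHandler
 
 @All('bar')
 bar() {
 return 'bar';
-}
+} // $ routeHandler
 
 @Get('requestInputs/:x')
 requestInputs(
 @Param('x') x,
 @Query() queryObj,
 @Query('name') name,
-@Req() req
+@Req() req // $ requestSource
 ) {
-if (Math.random()) return x; // NOT OK
-if (Math.random()) return queryObj; // NOT OK
-if (Math.random()) return name; // NOT OK
-if (Math.random()) return req.query.abc; // NOT OK
+if (Math.random()) return x; // $ Alert responseSendArgument
+if (Math.random()) return queryObj; // $ Alert responseSendArgument
+if (Math.random()) return name; // $ Alert responseSendArgument
+if (Math.random()) return req.query.abc; // $ Alert responseSendArgument
 return;
-}
+} // $ routeHandler
 
 @Post('post')
 post(@Body() body) {
-return body.x; // NOT OK
-}
+return body.x; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Get('redir')
 @Redirect('https://example.com')
 redir() {
 return {
-url: '//other.example.com' // OK
+url: '//other.example.com' // $ redirectSink
 };
-}
+} // $ routeHandler
 
 @Get('redir')
 @Redirect('https://example.com')
 redir2(@Query('redirect') target) {
 return {
-url: target // NOT OK
+url: target // $ Alert redirectSink
 };
-}
+} // $ routeHandler
 
 @Get()
-explicitSend(@Req() req, @Res() res) {
-res.send(req.query.x) // NOT OK
-}
+explicitSend(@Req() req, @Res() res) { // $ requestSource responseSource
+res.send(req.query.x) // $ Alert responseSource responseSendArgument
+} // $ routeHandler
 
 @Post()
 upload(@UploadedFile() file) {
-return file.originalname; // NOT OK
-}
+return file.originalname; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Post()
 uploadMany(@UploadedFiles() files) {
-return files[0].originalname; // NOT OK
-}
+return files[0].originalname; // $ Alert responseSendArgument
+} // $ routeHandler
 }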
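Review bot: The request-input parameters on lines 27–29 (`@Param('x') x`, `@Query() queryObj`, `@Query('name') name`) carry no inline annotation, while `@Req() req` on line 30 is tagged `requestSource`, so the file now reads as if only `req` were modelled as request data. Those parameters are presumably still reported under `requestInputAccess`, which stays a plain listing in the expected file rather than an inline tag; the rows for these lines fall outside the hunks shown. A trailing comment such as `// reported under requestInputAccess in the expected file` on those three lines would keep the test self-explanatory without shifting the line numbers the expected output depends on. The `TestController` class begins above the hunk.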

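--- a/javascript/ql/test/library-tests/frameworks/Nest/local/validation.ts
+++ b/javascript/ql/test/library-tests/frameworks/Nest/local/validation.ts
@@ -4,45 +4,45 @@ import { IsIn } from 'class-validator';
 export class Controller {
 @Get()
 route1(@Query('x', new ValidationPipe()) validatedObj: Struct) {
-return validatedObj.key; // OK
-}
+return validatedObj.key; // $ responseSendArgument
+} // $ routeHandler
 
 @Get()
 route2(@Query('x', ValidationPipe) validatedObj: Struct) {
-return validatedObj.key; // OK
-}
+return validatedObj.key; // $ responseSendArgument
+} // $ routeHandler
 
 @Get()
 @UsePipes(new ValidationPipe())
 route3(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-if (Math.random()) return validatedObj.key; // OK
-return unvalidated; // NOT OK
-}
+if (Math.random()) return validatedObj.key; // $ responseSendArgument
+return unvalidated; // $ Alert responseSendArgument
+} // $ routeHandler
 
 @Get()
 @UsePipes(ValidationPipe)
 route4(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-if (Math.random()) return validatedObj.key; // OK
-return unvalidated; // NOT OK
-}
+if (Math.random()) return validatedObj.key; // $ responseSendArgument
+return unvalidated; // $ Alert responseSendArgument
+} // $ routeHandler
 }
 
 @UsePipes(new ValidationPipe())
 export class Controller2 {
 @Get()
 route5(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-if (Math.random()) return validatedObj.key; // OK
-return unvalidated; // NOT OK
-}
+if (Math.random()) return validatedObj.key; // $ responseSendArgument
+return unvalidated; // $ Alert responseSendArgument
+} // $ routeHandler
 }
 
 @UsePipes(ValidationPipe)
 export class Controller3 {
 @Get()
 route6(@Query('x') validatedObj: Struct, @Query('y') unvalidated: string) {
-if (Math.random()) return validatedObj.key; // OK
-return unvalidated; // NOT OK
-}
+if (Math.random()) return validatedObj.key; // $ responseSendArgument
+return unvalidated; // $ Alert responseSendArgument
+} // $ routeHandler
 }
 
 class Struct {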
Lines changed: 37 additions & 99 deletions
@@ -1,6 +1,37 @@
1-
redirectSink
2-
| local/routes.ts:48:12:48:32 | '//othe ... le.com' |
3-
| local/routes.ts:56:12:56:17 | target |
1+
routeHandler
2+
| global/validation.ts:6:3:9:3 | route1( ... ent\\n } |
3+
| local/customDecorator.ts:18:3:20:3 | sneaky( ... ent\\n } |
4+
| local/customDecorator.ts:23:3:25:3 | safe(@S ... ent\\n } |
5+
| local/customPipe.ts:20:5:22:5 | sanitiz ... t\\n } |
6+
| local/customPipe.ts:25:5:27:5 | sanitiz ... t\\n } |
7+
| local/customPipe.ts:31:5:33:5 | sanitiz ... t\\n } |
8+
| local/customPipe.ts:36:5:38:5 | propaga ... t\\n } |
9+
| local/customPipe.ts:41:5:43:5 | propaga ... t\\n } |
10+
| local/customPipe.ts:47:5:49:5 | propaga ... t\\n } |
11+
| local/routes.ts:6:3:8:3 | getFoo( ... o';\\n } |
12+
| local/routes.ts:11:3:13:3 | postFoo ... o';\\n } |
13+
| local/routes.ts:16:3:18:3 | getRoot ... o';\\n } |
14+
| local/routes.ts:21:3:23:3 | bar() { ... r';\\n } |
15+
| local/routes.ts:26:3:37:3 | request ... rn;\\n } |
16+
| local/routes.ts:40:3:42:3 | post(@B ... ent\\n } |
17+
| local/routes.ts:46:3:50:3 | redir() ... };\\n } |
18+
| local/routes.ts:54:3:58:3 | redir2( ... };\\n } |
19+
| local/routes.ts:61:3:63:3 | explici ... ent\\n } |
20+
| local/routes.ts:66:3:68:3 | upload( ... ent\\n } |
21+
| local/routes.ts:71:3:73:3 | uploadM ... ent\\n } |
22+
| local/validation.ts:6:3:8:3 | route1( ... ent\\n } |
23+
| local/validation.ts:11:3:13:3 | route2( ... ent\\n } |
24+
| local/validation.ts:17:3:20:3 | route3( ... ent\\n } |
25+
| local/validation.ts:24:3:27:3 | route4( ... ent\\n } |
26+
| local/validation.ts:33:3:36:3 | route5( ... ent\\n } |
27+
| local/validation.ts:42:3:45:3 | route6( ... ent\\n } |
28+
requestSource
29+
| local/customDecorator.ts:5:21:5:51 | ctx.swi ... quest() |
30+
| local/routes.ts:30:12:30:14 | req |
31+
| local/routes.ts:61:23:61:25 | req |
32+
responseSource
33+
| local/routes.ts:61:35:61:37 | res |
34+
| local/routes.ts:62:5:62:25 | res.sen ... uery.x) |
435
requestInputAccess
536
| body | local/routes.ts:40:16:40:19 | body |
637
| body | local/routes.ts:66:26:66:29 | file |
@@ -26,10 +57,6 @@ requestInputAccess
2657
| parameter | local/validation.ts:33:56:33:66 | unvalidated |
2758
| parameter | local/validation.ts:42:22:42:33 | validatedObj |
2859
| parameter | local/validation.ts:42:56:42:66 | unvalidated |
29-
requestSource
30-
| local/customDecorator.ts:5:21:5:51 | ctx.swi ... quest() |
31-
| local/routes.ts:30:12:30:14 | req |
32-
| local/routes.ts:61:23:61:25 | req |
3360
responseSendArgument
3461
| global/validation.ts:7:31:7:41 | unvalidated |
3562
| global/validation.ts:8:12:8:27 | validatedObj.key |
@@ -59,95 +86,6 @@ responseSendArgument
5986
| local/validation.ts:35:12:35:22 | unvalidated |
6087
| local/validation.ts:43:31:43:46 | validatedObj.key |
6188
| local/validation.ts:44:12:44:22 | unvalidated |
62-
responseSource
63-
| local/routes.ts:61:35:61:37 | res |
64-
| local/routes.ts:62:5:62:25 | res.sen ... uery.x) |
65-
routeHandler
66-
| global/validation.ts:6:3:9:3 | route1( ... OK\\n } |
67-
| local/customDecorator.ts:18:3:20:3 | sneaky( ... OK\\n } |
68-
| local/customDecorator.ts:23:3:25:3 | safe(@S ... OK\\n } |
69-
| local/customPipe.ts:20:5:22:5 | sanitiz ... K\\n } |
70-
| local/customPipe.ts:25:5:27:5 | sanitiz ... K\\n } |
71-
| local/customPipe.ts:31:5:33:5 | sanitiz ... K\\n } |
72-
| local/customPipe.ts:36:5:38:5 | propaga ... K\\n } |
73-
| local/customPipe.ts:41:5:43:5 | propaga ... K\\n } |
74-
| local/customPipe.ts:47:5:49:5 | propaga ... K\\n } |
75-
| local/routes.ts:6:3:8:3 | getFoo( ... o';\\n } |
76-
| local/routes.ts:11:3:13:3 | postFoo ... o';\\n } |
77-
| local/routes.ts:16:3:18:3 | getRoot ... o';\\n } |
78-
| local/routes.ts:21:3:23:3 | bar() { ... r';\\n } |
79-
| local/routes.ts:26:3:37:3 | request ... rn;\\n } |
80-
| local/routes.ts:40:3:42:3 | post(@B ... OK\\n } |
81-
| local/routes.ts:46:3:50:3 | redir() ... };\\n } |
82-
| local/routes.ts:54:3:58:3 | redir2( ... };\\n } |
83-
| local/routes.ts:61:3:63:3 | explici ... OK\\n } |
84-
| local/routes.ts:66:3:68:3 | upload( ... OK\\n } |
85-
| local/routes.ts:71:3:73:3 | uploadM ... OK\\n } |
86-
| local/validation.ts:6:3:8:3 | route1( ... OK\\n } |
87-
| local/validation.ts:11:3:13:3 | route2( ... OK\\n } |
88-
| local/validation.ts:17:3:20:3 | route3( ... OK\\n } |
89-
| local/validation.ts:24:3:27:3 | route4( ... OK\\n } |
90-
| local/validation.ts:33:3:36:3 | route5( ... OK\\n } |
91-
| local/validation.ts:42:3:45:3 | route6( ... OK\\n } |
92-
testFailures
93-
| global/validation.ts:6:3:9:3 | | Unexpected result: routeHandler |
94-
| global/validation.ts:7:31:7:41 | | Unexpected result: responseSendArgument |
95-
| global/validation.ts:8:12:8:27 | | Unexpected result: responseSendArgument |
96-
| local/customDecorator.ts:5:21:5:51 | | Unexpected result: requestSource |
97-
| local/customDecorator.ts:18:3:20:3 | | Unexpected result: routeHandler |
98-
| local/customDecorator.ts:19:12:19:16 | | Unexpected result: responseSendArgument |
99-
| local/customDecorator.ts:23:3:25:3 | | Unexpected result: routeHandler |
100-
| local/customDecorator.ts:24:12:24:16 | | Unexpected result: responseSendArgument |
101-
| local/customPipe.ts:20:5:22:5 | | Unexpected result: routeHandler |
102-
| local/customPipe.ts:21:16:21:29 | | Unexpected result: responseSendArgument |
103-
| local/customPipe.ts:25:5:27:5 | | Unexpected result: routeHandler |
104-
| local/customPipe.ts:26:16:26:29 | | Unexpected result: responseSendArgument |
105-
| local/customPipe.ts:31:5:33:5 | | Unexpected result: routeHandler |
106-
| local/customPipe.ts:32:16:32:29 | | Unexpected result: responseSendArgument |
107-
| local/customPipe.ts:36:5:38:5 | | Unexpected result: routeHandler |
108-
| local/customPipe.ts:37:16:37:31 | | Unexpected result: responseSendArgument |
109-
| local/customPipe.ts:41:5:43:5 | | Unexpected result: routeHandler |
110-
| local/customPipe.ts:42:16:42:31 | | Unexpected result: responseSendArgument |
111-
| local/customPipe.ts:47:5:49:5 | | Unexpected result: routeHandler |
112-
| local/customPipe.ts:48:16:48:31 | | Unexpected result: responseSendArgument |
113-
| local/routes.ts:6:3:8:3 | | Unexpected result: routeHandler |
114-
| local/routes.ts:11:3:13:3 | | Unexpected result: routeHandler |
115-
| local/routes.ts:16:3:18:3 | | Unexpected result: routeHandler |
116-
| local/routes.ts:21:3:23:3 | | Unexpected result: routeHandler |
117-
| local/routes.ts:26:3:37:3 | | Unexpected result: routeHandler |
118-
| local/routes.ts:30:12:30:14 | | Unexpected result: requestSource |
119-
| local/routes.ts:32:31:32:31 | | Unexpected result: responseSendArgument |
120-
| local/routes.ts:33:31:33:38 | | Unexpected result: responseSendArgument |
121-
| local/routes.ts:34:31:34:34 | | Unexpected result: responseSendArgument |
122-
| local/routes.ts:35:31:35:43 | | Unexpected result: responseSendArgument |
123-
| local/routes.ts:40:3:42:3 | | Unexpected result: routeHandler |
124-
| local/routes.ts:41:12:41:17 | | Unexpected result: responseSendArgument |
125-
| local/routes.ts:46:3:50:3 | | Unexpected result: routeHandler |
126-
| local/routes.ts:48:12:48:32 | | Unexpected result: redirectSink |
127-
| local/routes.ts:54:3:58:3 | | Unexpected result: routeHandler |
128-
| local/routes.ts:56:12:56:17 | | Unexpected result: redirectSink |
129-
| local/routes.ts:61:3:63:3 | | Unexpected result: routeHandler |
130-
| local/routes.ts:61:23:61:25 | | Unexpected result: requestSource |
131-
| local/routes.ts:61:35:61:37 | | Unexpected result: responseSource |
132-
| local/routes.ts:62:5:62:25 | | Unexpected result: responseSource |
133-
| local/routes.ts:62:14:62:24 | | Unexpected result: responseSendArgument |
134-
| local/routes.ts:66:3:68:3 | | Unexpected result: routeHandler |
135-
| local/routes.ts:67:12:67:28 | | Unexpected result: responseSendArgument |
136-
| local/routes.ts:71:3:73:3 | | Unexpected result: routeHandler |
137-
| local/routes.ts:72:12:72:32 | | Unexpected result: responseSendArgument |
138-
| local/validation.ts:6:3:8:3 | | Unexpected result: routeHandler |
139-
| local/validation.ts:7:12:7:27 | | Unexpected result: responseSendArgument |
140-
| local/validation.ts:11:3:13:3 | | Unexpected result: routeHandler |
141-
| local/validation.ts:12:12:12:27 | | Unexpected result: responseSendArgument |
142-
| local/validation.ts:17:3:20:3 | | Unexpected result: routeHandler |
143-
| local/validation.ts:18:31:18:46 | | Unexpected result: responseSendArgument |
144-
| local/validation.ts:19:12:19:22 | | Unexpected result: responseSendArgument |
145-
| local/validation.ts:24:3:27:3 | | Unexpected result: routeHandler |
146-
| local/validation.ts:25:31:25:46 | | Unexpected result: responseSendArgument |
147-
| local/validation.ts:26:12:26:22 | | Unexpected result: responseSendArgument |
148-
| local/validation.ts:33:3:36:3 | | Unexpected result: routeHandler |
149-
| local/validation.ts:34:31:34:46 | | Unexpected result: responseSendArgument |
150-
| local/validation.ts:35:12:35:22 | | Unexpected result: responseSendArgument |
151-
| local/validation.ts:42:3:45:3 | | Unexpected result: routeHandler |
152-
| local/validation.ts:43:31:43:46 | | Unexpected result: responseSendArgument |
153-
| local/validation.ts:44:12:44:22 | | Unexpected result: responseSendArgument |
89+
redirectSink
90+
| local/routes.ts:48:12:48:32 | '//othe ... le.com' |
91+
| local/routes.ts:56:12:56:17 | target |
