Skip to content

Commit 602dae0

Browse files
asgerfasgerf
committed
JS: Add test showing FP
1 parent 36e18c2 commit 602dae0

File tree

2 files changed

+26
-5
lines changed

2 files changed

+26
-5
lines changed

javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
#select
2+
| build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
3+
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |
4+
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | This creates a build artifact that depends on $@. | build-leaks.js:40:14:40:60 | url.par ... assword | sensitive data returned byan access to current_password |
5+
| build-leaks.js:102:30:102:46 | getFilteredEnv4() | build-leaks.js:97:43:97:53 | process.env | build-leaks.js:102:30:102:46 | getFilteredEnv4() | This creates a build artifact that depends on $@. | build-leaks.js:97:43:97:53 | process.env | sensitive data returned byprocess environment |
16
edges
27
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | provenance | |
38
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | |
@@ -23,6 +28,11 @@ edges
2328
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:10 | pw | provenance | |
2429
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
2530
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | |
31+
| build-leaks.js:95:16:99:18 | ["FOO", ... }, {}) | build-leaks.js:102:30:102:46 | getFilteredEnv4() | provenance | |
32+
| build-leaks.js:97:17:97:19 | [post update] env | build-leaks.js:98:24:98:26 | env | provenance | |
33+
| build-leaks.js:97:43:97:53 | process.env | build-leaks.js:97:17:97:19 | [post update] env | provenance | Config |
34+
| build-leaks.js:98:24:98:26 | env | build-leaks.js:22:49:22:51 | env | provenance | |
35+
| build-leaks.js:98:24:98:26 | env | build-leaks.js:95:16:99:18 | ["FOO", ... }, {}) | provenance | |
2636
nodes
2737
| build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | semmle.label | {\\n " ... leak]\\n} |
2838
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) |
@@ -50,10 +60,11 @@ nodes
5060
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } |
5161
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) |
5262
| build-leaks.js:41:82:41:83 | pw | semmle.label | pw |
63+
| build-leaks.js:95:16:99:18 | ["FOO", ... }, {}) | semmle.label | ["FOO", ... }, {}) |
64+
| build-leaks.js:97:17:97:19 | [post update] env | semmle.label | [post update] env |
65+
| build-leaks.js:97:43:97:53 | process.env | semmle.label | process.env |
66+
| build-leaks.js:98:24:98:26 | env | semmle.label | env |
67+
| build-leaks.js:102:30:102:46 | getFilteredEnv4() | semmle.label | getFilteredEnv4() |
5368
subpaths
5469
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
5570
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
56-
#select
57-
| build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | {\\n " ... leak]\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
58-
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |
59-
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | This creates a build artifact that depends on $@. | build-leaks.js:40:14:40:60 | url.par ... assword | sensitive data returned byan access to current_password |

javascript/ql/test/query-tests/Security/CWE-312/build-leaks.js

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,4 +90,14 @@ var server = https.createServer(function (req, res) {
9090
}
9191

9292
new webpack.DefinePlugin(getOnlyReactVariables3());
93-
})();
93+
94+
function getFilteredEnv4() {
95+
return ["FOO", "BAR", "BAZ"]
96+
.reduce((env, key) => {
97+
env[key] = JSON.stringify(process.env[key]); // $ SPURIOUS: Source[js/build-artifact-leak]
98+
return env;
99+
}, {});
100+
}
101+
102+
new webpack.DefinePlugin(getFilteredEnv4()); // $ SPURIOUS: Alert[js/build-artifact-leak]
103+
})();

0 commit comments

Comments
 (0)