Skip to content

Commit 3e68072

Browse files
asgerfasgerf
committed
JS: Accept test case change
1 parent 18eea96 commit 3e68072

2 files changed

Lines changed: 35 additions & 1 deletion

File tree

javascript/ql/test/query-tests/Security/CWE-400/PrototypePollutionUtility.expected

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -831,13 +831,27 @@ nodes
831831
| PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
832832
| PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
833833
| PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
834+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target |
834835
| PrototypePollutionUtility/tests.js:348:40:348:45 | source |
835836
| PrototypePollutionUtility/tests.js:350:37:350:39 | key |
836837
| PrototypePollutionUtility/tests.js:350:37:350:39 | key |
838+
| PrototypePollutionUtility/tests.js:355:17:355:22 | target |
839+
| PrototypePollutionUtility/tests.js:355:17:355:22 | target |
840+
| PrototypePollutionUtility/tests.js:355:24:355:26 | key |
841+
| PrototypePollutionUtility/tests.js:355:24:355:26 | key |
842+
| PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
843+
| PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
844+
| PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
845+
| PrototypePollutionUtility/tests.js:355:53:355:58 | target |
846+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] |
847+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] |
848+
| PrototypePollutionUtility/tests.js:355:60:355:62 | key |
837849
| PrototypePollutionUtility/tests.js:355:66:355:71 | source |
838850
| PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] |
839851
| PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] |
840852
| PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] |
853+
| PrototypePollutionUtility/tests.js:357:17:357:22 | target |
854+
| PrototypePollutionUtility/tests.js:357:17:357:22 | target |
841855
| PrototypePollutionUtility/tests.js:357:24:357:26 | key |
842856
| PrototypePollutionUtility/tests.js:357:24:357:26 | key |
843857
| PrototypePollutionUtility/tests.js:357:31:357:36 | source |
@@ -2296,14 +2310,33 @@ edges
22962310
| PrototypePollutionUtility/tests.js:338:28:338:30 | src | PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
22972311
| PrototypePollutionUtility/tests.js:338:28:338:30 | src | PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
22982312
| PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] | PrototypePollutionUtility/tests.js:338:28:338:35 | src[key] |
2313+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target | PrototypePollutionUtility/tests.js:355:17:355:22 | target |
2314+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target | PrototypePollutionUtility/tests.js:355:17:355:22 | target |
2315+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target | PrototypePollutionUtility/tests.js:355:53:355:58 | target |
2316+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target | PrototypePollutionUtility/tests.js:357:17:357:22 | target |
2317+
| PrototypePollutionUtility/tests.js:348:32:348:37 | target | PrototypePollutionUtility/tests.js:357:17:357:22 | target |
22992318
| PrototypePollutionUtility/tests.js:348:40:348:45 | source | PrototypePollutionUtility/tests.js:355:66:355:71 | source |
23002319
| PrototypePollutionUtility/tests.js:348:40:348:45 | source | PrototypePollutionUtility/tests.js:357:31:357:36 | source |
2320+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:24:355:26 | key |
2321+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:24:355:26 | key |
2322+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:24:355:26 | key |
2323+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:24:355:26 | key |
2324+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:60:355:62 | key |
2325+
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:355:60:355:62 | key |
23012326
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:24:357:26 | key |
23022327
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:24:357:26 | key |
23032328
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:24:357:26 | key |
23042329
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:24:357:26 | key |
23052330
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:38:357:40 | key |
23062331
| PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:38:357:40 | key |
2332+
| PrototypePollutionUtility/tests.js:355:53:355:58 | target | PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] |
2333+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:348:32:348:37 | target |
2334+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:348:32:348:37 | target |
2335+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
2336+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
2337+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
2338+
| PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] | PrototypePollutionUtility/tests.js:355:31:355:86 | mergePl ... ptions) |
2339+
| PrototypePollutionUtility/tests.js:355:60:355:62 | key | PrototypePollutionUtility/tests.js:355:53:355:63 | target[key] |
23072340
| PrototypePollutionUtility/tests.js:355:66:355:71 | source | PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] |
23082341
| PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] | PrototypePollutionUtility/tests.js:348:40:348:45 | source |
23092342
| PrototypePollutionUtility/tests.js:355:66:355:76 | source[key] | PrototypePollutionUtility/tests.js:348:40:348:45 | source |
@@ -2854,6 +2887,7 @@ edges
28542887
| PrototypePollutionUtility/tests.js:280:13:280:15 | dst | PrototypePollutionUtility/tests.js:276:34:276:36 | key | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:276:21:276:23 | src | src | PrototypePollutionUtility/tests.js:280:13:280:15 | dst | dst |
28552888
| PrototypePollutionUtility/tests.js:308:17:308:19 | dst | PrototypePollutionUtility/tests.js:302:14:302:16 | key | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:302:21:302:23 | src | src | PrototypePollutionUtility/tests.js:308:17:308:19 | dst | dst |
28562889
| PrototypePollutionUtility/tests.js:322:17:322:19 | dst | PrototypePollutionUtility/tests.js:315:14:315:16 | key | PrototypePollutionUtility/tests.js:322:17:322:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:315:21:315:23 | src | src | PrototypePollutionUtility/tests.js:322:17:322:19 | dst | dst |
2890+
| PrototypePollutionUtility/tests.js:357:17:357:22 | target | PrototypePollutionUtility/tests.js:350:37:350:39 | key | PrototypePollutionUtility/tests.js:357:17:357:22 | target | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:350:21:350:26 | source | source | PrototypePollutionUtility/tests.js:357:17:357:22 | target | target |
28572891
| PrototypePollutionUtility/tests.js:387:13:387:15 | dst | PrototypePollutionUtility/tests.js:365:14:365:16 | key | PrototypePollutionUtility/tests.js:387:13:387:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:365:21:365:23 | obj | obj | PrototypePollutionUtility/tests.js:387:13:387:15 | dst | dst |
28582892
| PrototypePollutionUtility/tests.js:403:13:403:15 | dst | PrototypePollutionUtility/tests.js:397:14:397:16 | key | PrototypePollutionUtility/tests.js:403:13:403:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:397:21:397:23 | src | src | PrototypePollutionUtility/tests.js:403:13:403:15 | dst | dst |
28592893
| PrototypePollutionUtility/tests.js:420:13:420:15 | dst | PrototypePollutionUtility/tests.js:414:14:414:16 | key | PrototypePollutionUtility/tests.js:420:13:420:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | PrototypePollutionUtility/tests.js:414:21:414:23 | src | src | PrototypePollutionUtility/tests.js:420:13:420:15 | dst | dst |

javascript/ql/test/query-tests/Security/CWE-400/PrototypePollutionUtility/tests.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -354,7 +354,7 @@ function mergePlainObjectsOnly(target, source) {
354354
if (isNonArrayObject(source[key]) && key in target) {
355355
target[key] = mergePlainObjectsOnly(target[key], source[key], options);
356356
} else {
357-
target[key] = source[key]; // OK
357+
target[key] = source[key]; // OK - but flagged anyway
358358
}
359359
});
360360
}

0 commit comments

Comments
 (0)