Skip to content

Commit

Permalink
JS: Update OK-style comments to $-style
Browse files Browse the repository at this point in the history
  • Loading branch information
@asgerf
asgerf committed Feb 6, 2025
1 parent 3b936d6 commit 9062a5f
Show file tree
Hide file tree
Showing 531 changed files with 4,297 additions and 4,570 deletions.
26 changes: 13 additions & 13 deletions javascript/ql/test/query-tests/AngularJS/DeadAngularJSEventListener/tst.js
View file
Original file line number Diff line number Diff line change
@@ -1,50 +1,50 @@
angular.module('myModule', [])
.controller('MyController', function($scope) {
$scope.$on('destroy', cleanup); // BAD
$scope.$on('destroy', cleanup); // $ Alert
})
.controller('MyController', ["$scope", function(s) {
s.$on('destroy', cleanup); // BAD
s.$on('destroy', cleanup); // $ Alert
}])
.controller('MyController', function($scope) {
var destroy = 'destroy';
$scope.$on(destroy, cleanup); // BAD
$scope.$on(destroy, cleanup); // $ Alert
})
.controller('MyController', function($scope) {
$scope.$on('$destroy', cleanup); // GOOD
$scope.$on('$destroy', cleanup);
})
.controller('MyController', function($scope) {
$scope.$emit('foo');
$scope.$on('foo', cleanup); // GOOD
$scope.$on('foo', cleanup);
})
.controller('MyController', function($scope) {
$scope.$on('bar', cleanup); // BAD
$scope.$on('bar', cleanup); // $ Alert
})
.controller('MyController', function($scope) {
$scope.$on('$locationChangeStart', cleanup); // OK
$scope.$on('$locationChangeStart', cleanup);
})
.controller('MyController', function($scope) {
$scope.$on('lib1.foo', cleanup); // OK
$scope.$on('lib1.foo', cleanup);
})
.controller('MyController', function($scope) {
$scope.$on('lib2:foo', cleanup); // OK
$scope.$on('lib2:foo', cleanup);
})
.controller('MyController', function($scope) {
$scope.$on('onClick', cleanup); // OK
$scope.$on('onClick', cleanup);
})
.controller('MyController', function($scope) {
function f($scope){
$scope.$emit('probablyFromUserCode1')
}
$scope.$on('probablyFromUserCode1', cleanup); // OK
$scope.$on('probablyFromUserCode1', cleanup);
})
.controller('MyController', function($scope) {
function f($scope){
var scope = $scope;
scope.$emit('probablyFromUserCode2')
}
$scope.$on('probablyFromUserCode2', cleanup); // OK
$scope.$on('probablyFromUserCode2', cleanup);
})
.controller('MyController', function($scope) {
$scope.$on('event-from-AngularJS-expression', cleanup); // GOOD
$scope.$on('event-from-AngularJS-expression', cleanup);
})
;
16 changes: 8 additions & 8 deletions javascript/ql/test/query-tests/AngularJS/DependencyMismatch/tst.js
View file
Original file line number Diff line number Diff line change
@@ -1,36 +1,36 @@
angular.module('app1', [])
.run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]); // NOT OK
.run(['dep1', 'dep2', 'dep3', function(dep1, dep3, dep2) {}]); // $ Alert

angular.module('app2')
.directive('mydirective', [ '$compile', function($compile, $http) { // NOT OK
.directive('mydirective', [ '$compile', function($compile, $http) { // $ Alert
// ...
}]);

angular.module('app1', [])
.run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]); // OK
.run(['dep1', 'dep2', 'dep3', function(dep1, dep2, dep3) {}]);

angular.module('app2')
.directive('mydirective', [ '$compile', '$http', function($compile, $http) { // OK
.directive('mydirective', [ '$compile', '$http', function($compile, $http) {
// ...
}]);

angular.module('app3', [])
.run(function(dep1, dep3) {}); // OK
.run(function(dep1, dep3) {});

angular.module('app4')
.directive('mydirective', function($compile, $http) { // OK
.directive('mydirective', function($compile, $http) {
// ...
});

angular.module('app5')
.directive('mydirective', [ 'fully.qualified.name', function(name) { // OK
.directive('mydirective', [ 'fully.qualified.name', function(name) {
// ...
}])

angular.module('app6')
.directive('mydirective', function() {
return {
link: function (scope, element, attrs) { // OK
link: function (scope, element, attrs) {
}
};
});
10 changes: 5 additions & 5 deletions javascript/ql/test/query-tests/AngularJS/DisablingSce/DisablingSce.js
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
angular.module('app', [])
.config(function($sceProvider) {
$sceProvider.enabled(false); // BAD
$sceProvider.enabled(false); // $ Alert
})
.config(['otherProvider', function($sceProvider) {
$sceProvider.enabled(false); // OK
$sceProvider.enabled(false);
}])
.config(['$sceProvider', function(x) {
x.enabled(false); // BAD
x.enabled(false); // $ Alert
}])
.config(function($sceProvider) {
$sceProvider.enabled(true); // OK
$sceProvider.enabled(true);
})
.config(function($sceProvider) {
var x = false;
$sceProvider.enabled(x); // BAD
$sceProvider.enabled(x); // $ Alert
});
22 changes: 11 additions & 11 deletions javascript/ql/test/query-tests/AngularJS/DuplicateDependency/duplicates.js
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
(function(){
function f(){}
f.$inject = ['dup5', 'dup5']; // NOT OK
f.$inject = ['dup5', 'dup5']; // $ Alert
angular.module('myModule', [])
.run(['dup1a', 'dup1a', function(dup1a, dup1a){}]) // OK (flagged by js/duplicate-parameter-name)
.run(['dup2a', 'dup2a', function(dup2a, dup2b){}]) // NOT OK
.run(['dup3b', 'dup3b', function(dup3a, dup3b){}]) // NOT OK
.run(['dup4', 'notDup4A', 'dup4', function(notDup4B, dup4, notDup4C){}]) // NOT OK
.run(['dup1a', 'dup1a', function(dup1a, dup1a){}]) // OK - flagged by js/duplicate-parameter-name
.run(['dup2a', 'dup2a', function(dup2a, dup2b){}]) // $ Alert
.run(['dup3b', 'dup3b', function(dup3a, dup3b){}]) // $ Alert
.run(['dup4', 'notDup4A', 'dup4', function(notDup4B, dup4, notDup4C){}]) // $ Alert
.run(f)
.run(function(dup6, dup6){})// OK (flagged by js/duplicate-parameter-name)
.run(function(notDup7a, notDup7b){}) // OK
.run(['notDup8a', 'notDup8b', function(notDup8a, notDup8b){}]) // OK
.run(['notDup9a', 'notDup9b', function(notDup9c, notDup9d){}]) // OK
.run(['dup10a', 'dup10a', 'dup10a', function(dup10a, dup10a, dup10a){}]) // OK (flagged by js/duplicate-parameter-name)
.run(['dup11a', 'dup11a', function(dup11a, dup11b){ // NOT OK (alert formatting for multi-line function)
.run(function(dup6, dup6){})// OK - flagged by js/duplicate-parameter-name
.run(function(notDup7a, notDup7b){})
.run(['notDup8a', 'notDup8b', function(notDup8a, notDup8b){}])
.run(['notDup9a', 'notDup9b', function(notDup9c, notDup9d){}])
.run(['dup10a', 'dup10a', 'dup10a', function(dup10a, dup10a, dup10a){}]) // OK - flagged by js/duplicate-parameter-name
.run(['dup11a', 'dup11a', function(dup11a, dup11b){ // $ Alert - alert formatting for multi-line function
}])
;
})();
116 changes: 58 additions & 58 deletions javascript/ql/test/query-tests/AngularJS/IncompatibleService/angular-incompatible-service.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,68 +11,68 @@ angular.module('myModule', [])
;

angular.module('myModule2', [])
.controller('c0', function(factoryId){}) // OK
.controller('c1', function(serviceId){}) // OK
.controller('c2', function(valueId){}) // OK
.controller('c3', function(constantId){}) // OK
.controller('c4', function(providerId){}) // OK
.controller('c5', function($http){}) // OK
.controller('c6', function($provider){}) // NOT OK
.controller('c7', function($scope){}) // OK
.controller('c8', function($compile){}) // OK
.controller('c9', function(UNKNOWN){}) // OK
.controller('c10', function(providerIdProvider){}) // NOT OK
.controller('c11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
.controller('c12', function($provide){}) // OK (special case)
.controller('c13', function(providerId2Provider){}) // NOT OK
.controller('c0', function(factoryId){})
.controller('c1', function(serviceId){})
.controller('c2', function(valueId){})
.controller('c3', function(constantId){})
.controller('c4', function(providerId){})
.controller('c5', function($http){})
.controller('c6', function($provider){}) // $ Alert
.controller('c7', function($scope){})
.controller('c8', function($compile){})
.controller('c9', function(UNKNOWN){})
.controller('c10', function(providerIdProvider){}) // $ Alert
.controller('c11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
.controller('c12', function($provide){}) // OK - special case
.controller('c13', function(providerId2Provider){}) // $ Alert

.factory('s0', function(factoryId){}) // OK
.factory('s1', function(serviceId){}) // OK
.factory('s2', function(valueId){}) // OK
.factory('s3', function(constantId){}) // OK
.factory('s4', function(providerId){}) // OK
.factory('s5', function($http){}) // OK
.factory('s6', function($provider){}) // NOT OK
.factory('s7', function($scope){}) // NOT OK
.factory('s8', function($compile){}) // OK
.factory('s9', function(UNKNOWN){}) // OK
.factory('s10', function(providerIdProvider){}) // NOT OK
.factory('s11', function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
.factory('s12', function($provide){}) // OK (special case)
.factory('s13', function(providerId2Provider){}) // NOT OK
.factory('s0', function(factoryId){})
.factory('s1', function(serviceId){})
.factory('s2', function(valueId){})
.factory('s3', function(constantId){})
.factory('s4', function(providerId){})
.factory('s5', function($http){})
.factory('s6', function($provider){}) // $ Alert
.factory('s7', function($scope){}) // $ Alert
.factory('s8', function($compile){})
.factory('s9', function(UNKNOWN){})
.factory('s10', function(providerIdProvider){}) // $ Alert
.factory('s11', function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
.factory('s12', function($provide){}) // OK - special case
.factory('s13', function(providerId2Provider){}) // $ Alert

.run(function(factoryId){}) // OK
.run(function(serviceId){}) // OK
.run(function(valueId){}) // OK
.run(function(constantId){}) // OK
.run(function(providerId){}) // OK
.run(function($http){}) // OK
.run(function($provider){}) // NOT OK
.run(function($scope){}) // NOT OK
.run(function($compile){}) // OK
.run(function(UNKNOWN){}) // OK
.run(function(providerIdProvider){}) // NOT OK
.run(function(providerIdProvider, UNKNOWN){}) // NOT OK, but only one error
.run(function($provide){}) // OK (special case)
.run(function(providerId2Provider){}) // NOT OK
.run(function(factoryId){})
.run(function(serviceId){})
.run(function(valueId){})
.run(function(constantId){})
.run(function(providerId){})
.run(function($http){})
.run(function($provider){}) // $ Alert
.run(function($scope){}) // $ Alert
.run(function($compile){})
.run(function(UNKNOWN){})
.run(function(providerIdProvider){}) // $ Alert
.run(function(providerIdProvider, UNKNOWN){}) // $ Alert - but only one error
.run(function($provide){}) // OK - special case
.run(function(providerId2Provider){}) // $ Alert

.config(function(factoryId){}) // NOT OK
.config(function(serviceId){}) // NOT OK
.config(function(valueId){}) // NOT OK
.config(function(constantId){}) // OK
.config(function(providerId){}) // NOT OK
.config(function($http){}) // NOT OK
.config(function($provider){}) // OK
.config(function($scope){}) // NOT OK
.config(function($compile){}) // OK
.config(function(UNKNOWN){}) // OK
.config(function(providerIdProvider){}) // OK
.config(function(providerId, UNKNOWN){}) // NOT OK, but only one error
.config(function($provide){}) // OK (special case)
.config(function(valueId2){}) // NOT OK
.config(function(factoryId){}) // $ Alert
.config(function(serviceId){}) // $ Alert
.config(function(valueId){}) // $ Alert
.config(function(constantId){})
.config(function(providerId){}) // $ Alert
.config(function($http){}) // $ Alert
.config(function($provider){})
.config(function($scope){}) // $ Alert
.config(function($compile){})
.config(function(UNKNOWN){})
.config(function(providerIdProvider){})
.config(function(providerId, UNKNOWN){}) // $ Alert - but only one error
.config(function($provide){}) // OK - special case
.config(function(valueId2){}) // $ Alert

// service: same restrcitions as .factory
.service('s14', function(factoryId){}) // OK
.service('s15', function($provider){}) // NOT OK
.service('s14', function(factoryId){})
.service('s15', function($provider){}) // $ Alert

;
30 changes: 15 additions & 15 deletions javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,24 @@
angular.module('myApp', [])
.config(function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
"**://example.com/*", // BAD (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
"*://example.org/*", // BAD (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
"https://**.example.com/*", // BAD (exploit: https://evil.com/?ignore=://example.com/a)
"https://example.**", // BAD (exploit: https://example.evil.com or http://example.:[email protected])
"https://example.*", // BAD (exploit: https://example.UnexpectedTLD)
"**://example.com/*", // $ Alert - (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
"*://example.org/*", // $ Alert - (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
"https://**.example.com/*", // $ Alert - exploit: https://evil.com/?ignore=://example.com/a
"https://example.**", // $ Alert - exploit: https://example.evil.com or http://example.:[email protected]
"https://example.*", // $ Alert - exploit: https://example.UnexpectedTLD

"https://example.com", // OK
"https://example.com/**", // OK
"https://example.com/*", // OK
"https://example.com/foo/*", // OK
"https://example.com/foo/**", // OK
"https://example.com/foo/*/bar", // OK
"https://example.com/foo/**/bar", // OK
"https://example.com/?**", // OK
"https://example.com/?**://example.com", // OK
"https://example.com",
"https://example.com/**",
"https://example.com/*",
"https://example.com/foo/*",
"https://example.com/foo/**",
"https://example.com/foo/*/bar",
"https://example.com/foo/**/bar",
"https://example.com/?**",
"https://example.com/?**://example.com",
"https://*.example.com",

// not flagged:
/http:\/\/www.example.org/g // BAD (exploit http://wwwaexample.org (dots are not escaped))
/http:\/\/www.example.org/g // $ Alert - (exploit http://wwwaexample.org (dots are not escaped))
]);
});
22 changes: 11 additions & 11 deletions ...ript/ql/test/query-tests/AngularJS/MissingExplicitInjection/missing-explicit-injection.js
View file
Original file line number Diff line number Diff line change
@@ -1,42 +1,42 @@
(function(){
function injected1(name){} // NOT OK
function injected1(name){} // $ Alert
angular.module('app1').controller('controller1', injected1);

function injected2(name){} // OK
function injected2(name){}
injected2.$inject = ['name'];
angular.module('app2').controller('controller2', injected2);

function injected3(name){} // OK
function injected3(name){}
angular.module('app3').controller('controller3', ['name', injected3]);

angular.module('app4').controller('controller4', function(){}); // OK
angular.module('app4').controller('controller4', function(){});

angular.module('app5').controller('controller5', function(name){}); // NOT OK
angular.module('app5').controller('controller5', function(name){}); // $ Alert

function injected6(){} // OK
function injected6(){}
angular.module('app6').controller('controller6', injected6);

function notInjected7(name){} // OK
function notInjected7(name){}
var obj7 = {
controller: notInjected7
};

function injected8(name){} // OK (false negative: we do not track through properties)
function injected8(name){} // OK - false negative: we do not track through properties
var obj8 = {
controller: injected8
};
angular.module('app8').controller('controller8', obj8.controller);

var $injector = angular.injector();

function injected9(name){} // NOT OK
function injected9(name){} // $ Alert
$injector.invoke(injected9)

function injected10(name){} // OK
function injected10(name){}
injected10.$inject = ['name'];
$injector.invoke(injected10)

function injected11(name){} // OK
function injected11(name){}
$injector.invoke(['name', injected11])

})();
Loading

0 comments on commit 9062a5f

Please sign in to comment.