Javascript: Accept test changes (regression).

geoffw0 · geoffw0 · commit ea711b032bc4 · 2026-05-07T10:13:09.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -9,6 +9,9 @@
 | passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password |
 | passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password |
 | passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password |
+| passwords.js:41:17:41:37 | {passwo ... pt(pw)} | passwords.js:41:28:41:36 | crypt(pw) | passwords.js:41:17:41:37 | {passwo ... pt(pw)} | This logs sensitive data returned by $@ as clear text. | passwords.js:41:28:41:36 | crypt(pw) | an access to password |
+| passwords.js:43:17:43:40 | actuall ... assword | passwords.js:43:17:43:40 | actuall ... assword | passwords.js:43:17:43:40 | actuall ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:43:17:43:40 | actuall ... assword | an access to actually_secure_password |
+| passwords.js:47:17:47:21 | user1 | passwords.js:46:30:46:32 | x() | passwords.js:47:17:47:21 | user1 | This logs sensitive data returned by $@ as clear text. | passwords.js:46:30:46:32 | x() | an access to crypted_password |
 | passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password |
 | passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | This logs sensitive data returned by $@ as clear text. | passwords.js:80:18:80:25 | password | an access to password |
 | passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:93:39:93:46 | password | an access to password |
@@ -52,6 +55,9 @@ edges
 | passwords.js:23:9:23:12 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance |  |
 | passwords.js:23:16:25:5 | {\\n      ... ]\\n    } [x] | passwords.js:23:9:23:12 | obj2 [x] | provenance |  |
 | passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n      ... ]\\n    } [x] | provenance |  |
+| passwords.js:41:28:41:36 | crypt(pw) | passwords.js:41:17:41:37 | {passwo ... pt(pw)} | provenance |  |
+| passwords.js:46:5:46:9 | [post update] user1 [crypted_password] | passwords.js:47:17:47:21 | user1 | provenance |  |
+| passwords.js:46:30:46:32 | x() | passwords.js:46:5:46:9 | [post update] user1 [crypted_password] | provenance |  |
 | passwords.js:77:9:77:12 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance |  |
 | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:12 | temp [encryptedPassword] | provenance |  |
 | passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance |  |
@@ -139,6 +145,12 @@ nodes
 | passwords.js:23:16:25:5 | {\\n      ... ]\\n    } [x] | semmle.label | {\\n      ... ]\\n    } [x] |
 | passwords.js:24:12:24:19 | password | semmle.label | password |
 | passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 |
+| passwords.js:41:17:41:37 | {passwo ... pt(pw)} | semmle.label | {passwo ... pt(pw)} |
+| passwords.js:41:28:41:36 | crypt(pw) | semmle.label | crypt(pw) |
+| passwords.js:43:17:43:40 | actuall ... assword | semmle.label | actuall ... assword |
+| passwords.js:46:5:46:9 | [post update] user1 [crypted_password] | semmle.label | [post update] user1 [crypted_password] |
+| passwords.js:46:30:46:32 | x() | semmle.label | x() |
+| passwords.js:47:17:47:21 | user1 | semmle.label | user1 |
 | passwords.js:77:9:77:12 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] |
 | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] |
 | passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password |
diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords.js
@@ -38,13 +38,13 @@
     console.log(login.wrappedJSObject.encryptedPassword);
     console.log(HTML5QQ.encodedPassword);
 
-    console.log({password: crypt(pw)});
+    console.log({password: crypt(pw)}); // $ SPURIOUS: Alert[js/clear-text-logging]
     var actually_secure_password = crypt(password);
-    console.log(actually_secure_password);
+    console.log(actually_secure_password); // $ SPURIOUS: Alert[js/clear-text-logging]
 
     var user1 = {};
-    user1.crypted_password = x();
-    console.log(user1);
+    user1.crypted_password = x(); // $ SPURIOUS: Source[js/clear-text-logging]
+    console.log(user1); // $ SPURIOUS: Alert[js/clear-text-logging]
 
     var user2 = {};
     user2.password = hash();
