add tests for new where condition, update expected test results

am0o0 · am0o0 · commit e4ffdb848e57 · 2024-06-06T14:30:06.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
@@ -332,6 +332,12 @@ nodes
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" |
 | HardcodedCredentials.js:403:27:403:35 | secretKey |
 | HardcodedCredentials.js:403:27:403:35 | secretKey |
+| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
+| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
 edges
 | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
 | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
@@ -506,6 +512,8 @@ edges
 | HardcodedCredentials.js:401:9:401:43 | secretKey | HardcodedCredentials.js:403:27:403:35 | secretKey |
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
 | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
+| HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
+| HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
 #select
 | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
 | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentialsDemo.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentialsDemo.js
@@ -0,0 +1,12 @@
+(function () {
+    const pg = require('pg');
+
+    const client = new pg.Client({
+        user: 'dbuser',  // OK
+        host: 'database.server.com',
+        database: 'mydb',
+        password: 'hgfedcba',  // OK
+        port: 3211,
+    });
+    client.connect();
+})();
