From ccab7b6fff91817be87f948f76b0bfb20ec3c4d2 Mon Sep 17 00:00:00 2001
From: Chuan-kai Lin <cklin@github.com>
Date: Thu, 24 Apr 2025 11:01:46 -0700
Subject: [PATCH] JS: update diff-informed expected files

This commit adds expected files for diff-informed testing. These
expected files describe how diff-informed queries produce alerts that
are not completely in accordance with the given diff ranges.
---
 .../UnsafeHtmlConstruction/47d3c.expected           | 13 +++++++++++++
 .../UnsafeHtmlConstruction/ad592.expected           | 13 +++++++++++++
 .../main.js/(16,21)-(16,35).expected                |  3 +++
 .../main.js/(17,48)-(17,50).expected                |  3 +++
 .../UnsafeHtmlConstruction/main.js/16.expected      |  3 +++
 .../UnsafeHtmlConstruction/main.js/17.expected      |  3 +++
 .../polynomial-redos.js/(15,28)-(15,35).expected    |  3 +++
 .../polynomial-redos.js/(15,41)-(15,43).expected    |  3 +++
 .../polynomial-redos.js/(17,11)-(17,12).expected    |  3 +++
 .../polynomial-redos.js/(17,5)-(17,6).expected      |  3 +++
 .../polynomial-redos.js/(25,37)-(25,56).expected    |  3 +++
 .../polynomial-redos.js/(25,63)-(25,64).expected    |  3 +++
 .../polynomial-redos.js/(30,19)-(30,22).expected    |  3 +++
 .../polynomial-redos.js/(30,23)-(30,24).expected    |  3 +++
 .../polynomial-redos.js/(36,18)-(36,19).expected    |  3 +++
 .../polynomial-redos.js/(36,35)-(36,36).expected    |  3 +++
 .../polynomial-redos.js/(37,18)-(37,19).expected    |  3 +++
 .../polynomial-redos.js/(37,35)-(37,36).expected    |  3 +++
 .../polynomial-redos.js/(38,18)-(38,19).expected    |  3 +++
 .../polynomial-redos.js/(38,34)-(38,35).expected    |  3 +++
 .../polynomial-redos.js/(53,3)-(53,8).expected      |  3 +++
 .../polynomial-redos.js/(53,9)-(53,12).expected     |  3 +++
 .../polynomial-redos.js/(54,10)-(54,13).expected    |  3 +++
 .../polynomial-redos.js/(54,4)-(54,9).expected      |  3 +++
 .../polynomial-redos.js/(75,18)-(75,19).expected    |  3 +++
 .../polynomial-redos.js/(75,35)-(75,36).expected    |  3 +++
 26 files changed, 98 insertions(+)
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected
 create mode 100644 javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected

diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected
new file mode 100644
index 000000000000..28fdafdaf9da
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-16
+  main.js:18-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected
new file mode 100644
index 000000000000..e2aedcd466e3
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-15
+  main.js:17-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected
new file mode 100644
index 000000000000..8de1a09213d5
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(16,21)-(16,35)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected
new file mode 100644
index 000000000000..38a0830fae4a
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(17,48)-(17,50)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected
new file mode 100644
index 000000000000..f9a503d28832
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:16
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected
new file mode 100644
index 000000000000..062a47b5ffdc
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:17
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected
new file mode 100644
index 000000000000..4cc1fc2b37a0
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,28)-(15,35)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`_' and with many repetitions of '\t'. | polynomial-redos.js:15:41:15:43 | \s* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected
new file mode 100644
index 000000000000..9eefac336da0
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,41)-(15,43)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`' and with many repetitions of '\t'. | polynomial-redos.js:15:28:15:35 | [\s\S]*? | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected
new file mode 100644
index 000000000000..4a8e4f4903c8
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,11)-(17,12)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of ','. | polynomial-redos.js:17:5:17:6 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected
new file mode 100644
index 000000000000..4ea41dbe6470
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,5)-(17,6)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings starting with ',' and with many repetitions of ',,'. | polynomial-redos.js:17:11:17:12 | .+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected
new file mode 100644
index 000000000000..8559379ff6ef
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,37)-(25,56)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t\t' and with many repetitions of '='. | polynomial-redos.js:25:63:25:64 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected
new file mode 100644
index 000000000000..176f3ee0f1fc
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,63)-(25,64)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t' and with many repetitions of '\t\t'. | polynomial-redos.js:25:37:25:56 | [a-zA-Z0-9+\/ \t\n]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected
new file mode 100644
index 000000000000..eebe2e34ea13
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,19)-(30,22)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings starting with '?' and with many repetitions of '?'. | polynomial-redos.js:30:23:30:24 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected
new file mode 100644
index 000000000000..dcaa9a8b8de6
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,23)-(30,24)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings with many repetitions of '?'. | polynomial-redos.js:30:19:30:22 | [?]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected
new file mode 100644
index 000000000000..f373124dde80
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,18)-(36,19)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:36:35:36:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected
new file mode 100644
index 000000000000..d1c3c57d511e
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,35)-(36,36)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:36:18:36:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected
new file mode 100644
index 000000000000..0bc4c718d705
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,18)-(37,19)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<style="!"' and with many repetitions of 'style="!"'. | polynomial-redos.js:37:35:37:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected
new file mode 100644
index 000000000000..7ab6646c37c0
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,35)-(37,36)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:37:18:37:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected
new file mode 100644
index 000000000000..b18d8e848d0c
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,18)-(38,19)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<href="!"' and with many repetitions of 'href="!"'. | polynomial-redos.js:38:34:38:35 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected
new file mode 100644
index 000000000000..8a7ae4b166fc
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,34)-(38,35)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:38:18:38:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected
new file mode 100644
index 000000000000..ffc871e9bd6b
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,3)-(53,8)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'Y'. | polynomial-redos.js:53:9:53:12 | (Y)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected
new file mode 100644
index 000000000000..53f923745a51
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,9)-(53,12)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:53:3:53:8 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected
new file mode 100644
index 000000000000..4c01af79a4cc
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,10)-(54,13)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:54:4:54:9 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected
new file mode 100644
index 000000000000..e56c300cf20e
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,4)-(54,9)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'B'. | polynomial-redos.js:54:10:54:13 | (.)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected
new file mode 100644
index 000000000000..8827fbf58eb0
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,18)-(75,19)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:75:35:75:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected
new file mode 100644
index 000000000000..2c82f3d3f024
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,35)-(75,36)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:75:18:75:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |