Clone found (markdown):
- /github/workspace/src/test/resources/naughty_string_printed.txt [223:3 - 249:2] (26 lines, 572 tokens)
/github/workspace/src/test/resources/naughty_string_printed.txt [222:3 - 232:5]
Clone found (markdown):
- /github/workspace/src/test/resources/naughty_string_printed.txt [316:7 - 353:2] (37 lines, 581 tokens)
/github/workspace/src/test/resources/naughty_string_printed.txt [315:20 - 322:6]
Clone found (markdown):
- /github/workspace/src/test/resources/naughty_string_printed.txt [223:3 - 249:2] (26 lines, 572 tokens)
/github/workspace/src/test/resources/naughty_string_printed.txt [222:3 - 232:5]
223 │ 222 │ "ABC<div style="x:expression\x5C(javascript:alert(1)">DEF",
224 │ 223 │ "ABC<div style="x:expression\x00(javascript:alert(1)">DEF",
225 │ 224 │ "ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF",
226 │ 225 │ "ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF",
227 │ 226 │ "ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF",
228 │ 227 │ "ABC<div style="x:\x09expression(javascript:alert(1)">DEF",
229 │ 228 │ "ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF",
230 │ 229 │ "ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF",
231 │ 230 │ "ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF",
232 │ 231 │ "ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF",
233 │ 232 │ "ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF",
234 │ 233 │ "ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF",
235 │ 234 │ "ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF",
236 │ 235 │ "ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF",
237 │ 236 │ "ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF",
238 │ 237 │ "ABC<div style="x:\x20expression(javascript:alert(1)">DEF",
239 │ 238 │ "ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF",
240 │ 239 │ "ABC<div style="x:\x00expression(javascript:alert(1)">DEF",
241 │ 240 │ "ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF",
242 │ 241 │ "ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF",
243 │ 242 │ "ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF",
244 │ 243 │ "ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF",
245 │ 244 │ "ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF",
246 │ 245 │ "ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF",
247 │ 246 │ "ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF",
248 │ 247 │ "ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF",
249 │ 248 │ "
Clone found (markdown):
- /github/workspace/src/test/resources/naughty_string_printed.txt [316:7 - 353:2] (37 lines, 581 tokens)
/github/workspace/src/test/resources/naughty_string_printed.txt [315:20 - 322:6]
316 │ 315 │ >",
317 │ 316 │ ""`'><script>\x0Djavascript:alert(1)</script>",
318 │ 317 │ ""`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>",
319 │ 318 │ ""`'><script>\xE2\x80\x81javascript:alert(1)</script>",
320 │ 319 │ ""`'><script>\xE2\x80\x84javascript:alert(1)</script>",
321 │ 320 │ ""`'><script>\xE3\x80\x80javascript:alert(1)</script>",
322 │ 321 │ ""`'><script>\x09javascript:alert(1)</script>",
323 │ 322 │ ""`'><script>\xE2\x80\x89javascript:alert(1)</script>",
324 │ 323 │ ""`'><script>\xE2\x80\x85javascript:alert(1)</script>",
325 │ 324 │ ""`'><script>\xE2\x80\x88javascript:alert(1)</script>",
326 │ 325 │ ""`'><script>\x00javascript:alert(1)</script>",
327 │ 326 │ ""`'><script>\xE2\x80\xA8javascript:alert(1)</script>",
328 │ 327 │ ""`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>",
329 │ 328 │ ""`'><script>\xE1\x9A\x80javascript:alert(1)</script>",
330 │ 329 │ ""`'><script>\x0Cjavascript:alert(1)</script>",
331 │ 330 │ ""`'><script>\x2Bjavascript:alert(1)</script>",
332 │ 331 │ ""`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>",
333 │ 332 │ ""`'><script>-javascript:alert(1)</script>",
334 │ 333 │ ""`'><script>\x0Ajavascript:alert(1)</script>",
335 │ 334 │ ""`'><script>\xE2\x80\xAFjavascript:alert(1)</script>",
336 │ 335 │ ""`'><script>\x7Ejavascript:alert(1)</script>",
337 │ 336 │ ""`'><script>\xE2\x80\x87javascript:alert(1)</script>",
338 │ 337 │ ""`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>",
339 │ 338 │ ""`'><script>\xE2\x80\xA9javascript:alert(1)</script>",
340 │ 339 │ ""`'><script>\xC2\x85javascript:alert(1)</script>",
341 │ 340 │ ""`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>",
342 │ 341 │ ""`'><script>\xE2\x80\x83javascript:alert(1)</script>",
343 │ 342 │ ""`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>",
344 │ 343 │ ""`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>",
345 │ 344 │ ""`'><script>\xE2\x80\x80javascript:alert(1)</script>",
346 │ 345 │ ""`'><script>\x21javascript:alert(1)</script>",
347 │ 346 │ ""`'><script>\xE2\x80\x82javascript:alert(1)</script>",
348 │ 347 │ ""`'><script>\xE2\x80\x86javascript:alert(1)</script>",
349 │ 348 │ ""`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>",
350 │ 349 │ ""`'><script>\x0Bjavascript:alert(1)</script>",
351 │ 350 │ ""`'><script>\x20javascript:alert(1)</script>",
352 │ 351 │ ""`'><script>\xC2\xA0javascript:alert(1)</script>",
353 │ 352 │ "
Found 2 clones.
Error: ERROR: jscpd found too many duplicates (2.19%) over threshold (0%)
at ThresholdReporter.report (/node_modules/@jscpd/finder/dist/index.js:615:13)
at /node_modules/@jscpd/finder/dist/index.js:109:18
at Array.forEach (<anonymous>)
at /node_modules/@jscpd/finder/dist/index.js:108:22
at async /node_modules/jscpd/dist/bin/jscpd.js:9:5ERROR: jscpd found too many duplicates (2.19%) over threshold (0%)
So it appears that jscpd is stripping data for security reasons which means that it thinks that my test cases, which are there to test that these escape sequences don't get stripped, are getting stripped.
There should be no duplicates detected, since none of the lines are actually duplicates (unless you strip them of escape sequences!)
The original bug was #427, but I stopped maintaining my project in the intervening years. I'm back though, have updated super-linter, versions, etc. and the bug seems to still be there, though maybe not the same bug, but still detecting duplicates when there are none.
Here's the output from super-linter:
So it appears that jscpd is stripping data for security reasons which means that it thinks that my test cases, which are there to test that these escape sequences don't get stripped, are getting stripped.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
There should be no duplicates detected, since none of the lines are actually duplicates (unless you strip them of escape sequences!)
Desktop (please complete the following information):
github actions super-linter
Additional context
#427