add test that requires flowToExpr

2026-05-03 12:45:27 +02:00 · 2021-11-08 12:25:45 +01:00
parent 3d6a5263e0
commit 0ab510f543
2 changed files with 15 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-598/SensitiveGetQuery.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-598/SensitiveGetQuery.expected
@@ -1 +1,3 @@
 | tst.js:8:22:8:39 | req.query.password | $@ for GET requests uses query parameter as sensitive data. | tst.js:6:19:14:1 | (req, r ... serId\\n} | Route handler |
+| tst.js:26:22:26:42 | req.par ... sword') | $@ for GET requests uses query parameter as sensitive data. | tst.js:24:20:35:1 | (req, r ...   });\\n} | Route handler |
+| tst.js:31:24:31:40 | req.param('word') | $@ for GET requests uses query parameter as sensitive data. | tst.js:24:20:35:1 | (req, r ...   });\\n} | Route handler |
--- a/javascript/ql/test/query-tests/Security/CWE-598/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-598/tst.js
@@ -19,4 +19,17 @@ app.post("/login", (req, res) => {
    checkUser(username, password, (result) => {
        res.send(result);
    });
+});
+
+app.get("/login2", (req, res) => {
+    const username = req.param('username'); // NOT OK - usernames are fine
+    const password = req.param('password'); // NOT OK - password read
+    checkUser(username, password, (result) => {
+        res.send(result);
+    });
+
+    const myPassword = req.param('word'); // NOT OK - is used in a sensitive write below.
+    checkUser(username, myPassword, (result) => {
+        res.send(result);
+    });
 });