hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add GuardedRouteHandler access path component

Browse Source
This commit is contained in:
Asger F
2025-03-27 13:59:41 +01:00
parent fdea22fbc3
commit 13d2453a45
4 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/test/library-tests/frameworks/data/guardedRouteHandler.js Normal file
View File

@@ -0,0 +1,21 @@
const express = require('express');
const app = express();
const testlib = require('testlib');
app.get('/before', (req, res) => {
sink(req.injectedReqData); // OK [INCONSISTENCY] - happens before middleware
sink(req.injectedResData); // OK - wrong parameter
sink(res.injectedReqData); // OK - wrong parameter
sink(res.injectedResData); // OK [INCONSISTENCY] - happens before middleware
});
app.use(testlib.middleware());
app.get('/after', (req, res) => {
sink(req.injectedReqData); // NOT OK
sink(req.injectedResData); // OK - wrong parameter
sink(res.injectedReqData); // OK - wrong parameter
sink(res.injectedResData); // NOT OK
});

4
javascript/ql/test/library-tests/frameworks/data/test.expected
View File

@@ -1,6 +1,10 @@
legacyDataFlowDifference
consistencyIssue
taintFlow
| guardedRouteHandler.js:6:10:6:28 | req.injectedReqData | guardedRouteHandler.js:6:10:6:28 | req.injectedReqData |
| guardedRouteHandler.js:10:10:10:28 | res.injectedResData | guardedRouteHandler.js:10:10:10:28 | res.injectedResData |
| guardedRouteHandler.js:16:10:16:28 | req.injectedReqData | guardedRouteHandler.js:16:10:16:28 | req.injectedReqData |
| guardedRouteHandler.js:20:10:20:28 | res.injectedResData | guardedRouteHandler.js:20:10:20:28 | res.injectedResData |
| paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x |
| test.js:5:30:5:37 | source() | test.js:5:8:5:38 | testlib ... urce()) |
| test.js:6:22:6:29 | source() | test.js:6:8:6:30 | preserv ... urce()) |

2
javascript/ql/test/library-tests/frameworks/data/test.ext.yml
View File

@@ -13,6 +13,8 @@ extensions:
- ['testlib', 'Member[getSourceArray].ReturnValue.ArrayElement', 'test-source']
- ['(testlib)', 'Member[parenthesizedPackageName].ReturnValue', 'test-source']
- ['danger-constant', 'Member[danger]', 'test-source']
- ['testlib', 'Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[0].Member[injectedReqData]', 'test-source']
- ['testlib', 'Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[1].Member[injectedResData]', 'test-source']
- addsTo:
pack: codeql/javascript-all