From 32d6ac8da705adc9609f449f6c5388d5886e02b9 Mon Sep 17 00:00:00 2001
From: Napalys
Date: Sun, 30 Mar 2025 13:59:36 +0200
Subject: [PATCH] Add test case to ensure `exec` calls without middleware injection into `Express` are not flagged.
---
 .../ql/test/query-tests/Security/CWE-089/untyped/hana.js | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js b/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js
index 693e1e428ef..259ecbbc4d6 100644
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js
@@ -84,3 +84,12 @@ app2.post('/documents/find', (req, res) => {
 client.execute('select A, B from TEST.NUMBERS order by A' + maliciousInput, function(err, rs) {}); // $ Alert
 });
 });
+
+var app3 = express();
+
+app3.get('/execute-query', function (req, res) {
+ var client = req.db;
+ let maliciousInput = req.body.data;
+ client.exec('SELECT * FROM DUMMY' + maliciousInput, function (err, rs) {});
+ req.db.exec('SELECT * FROM DUMMY' + maliciousInput, function (err, rs) {});
+});
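Review bot: The two `exec` calls in the `app3` handler carry no annotation, so nothing in the file records that the absence of an alert is intended rather than forgotten, whereas the `client.execute` line just above marks its expected finding with `// $ Alert`. A short comment on each call, for example `// OK - no HANA middleware is registered on app3, so req.db is not a modelled client`, would state the reason next to the code. The concatenation of `req.body.data` into the statement would still be injectable if `req.db` were a real client attached some other way, so this test appears to pin a deliberate precision trade-off in the query. Saying that in the comment keeps a later reader from taking the pattern as safe.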