Add test case to ensure exec calls without middleware injection into Express are not flagged.

2025-12-16 16:53:25 +01:00 · 2025-03-30 13:59:36 +02:00
parent 45c8ec96df
commit 32d6ac8da7
1 changed files with 9 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/hana.js
@@ -84,3 +84,12 @@ app2.post('/documents/find', (req, res) => {
    client.execute('select A, B from TEST.NUMBERS order by A' + maliciousInput, function(err, rs) {}); // $ Alert
  });
 });
+
+var app3 = express();
+
+app3.get('/execute-query', function (req, res) {
+  var client = req.db;
+  let maliciousInput = req.body.data;
+  client.exec('SELECT * FROM DUMMY' + maliciousInput, function (err, rs) {});
+  req.db.exec('SELECT * FROM DUMMY' + maliciousInput, function (err, rs) {});
+});