JavaScript: Add support for rate-limiter-flexible package.

2026-04-28 10:15:14 +02:00 · 2019-09-18 12:13:23 +01:00
parent e7d8fa4251
commit 3970ead7ab
3 changed files with 50 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-770/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-770/tst.js
@@ -63,3 +63,11 @@ app3.get('/:path', expensiveHandler1); // OK

 express().get('/:path', function(req, res) { verifyUser(req); });  // NOT OK
 express().get('/:path', RateLimit(), function(req, res) { verifyUser(req); });  // OK
+
+// rate limiting using rate-limiter-flexible
+const { RateLimiterRedis } = require('rate-limiter-flexible');
+const rateLimiter = new RateLimiterRedis();
+const rateLimiterMiddleware = (req, res, next) => {
+  rateLimiter.consume(req.ip).then(next).catch(res.status(429).send('rate limited'));
+};
+express().get('/:path', rateLimiterMiddleware, expensiveHandler1);