JS: Add tests in request forgery queries

2026-05-04 05:05:12 +02:00 · 2026-02-25 09:41:38 +01:00
parent 1253553aec
commit 4a001f960f
6 changed files with 32 additions and 0 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js
+++ b/javascript/ql/test/query-tests/Security/CWE-918/serverSide.js
@@ -146,3 +146,6 @@ var server2 = http.createServer(function (req, res) {
    const escapedUrl = escape(input);
    axios.get(escapedUrl); // $ Alert[js/request-forgery]
 });
+
+const custom = require('testlib').getServerSource(); // $ Source[js/request-forgery]
+request(custom) // $ Alert[js/request-forgery];