hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Model the TypeORM Repository API

Browse Source
This commit is contained in:
Vasco-jofra
2025-06-13 15:35:46 +02:00
parent e04dea10c8
commit 4ea53773b9
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/test/experimental/TypeOrm/test.ts
View File

@@ -72,7 +72,7 @@ function makePaginationQuery<T>(q: SelectQueryBuilder<T>): SelectQueryBuilder<T>
AppDataSource.initialize().then(async () => {
const BadInput = "A user controllable Remote Source like `' 1=1 --` "
// Active record
await UserActiveRecord.findByName(BadInput, "Saw")
@@ -217,4 +217,9 @@ AppDataSource.initialize().then(async () => {
qb.where(BadInput).orWhere(BadInput) // test: SQLInjectionPoint
}),
).getMany()
// Repository.query sink
await AppDataSource.getRepository(User2)
.query(BadInput) // test: SQLInjectionPoint
}).catch(error => console.log(error))

1
javascript/ql/test/experimental/TypeOrm/tests.expected
View File

@@ -29,4 +29,5 @@ passingPositiveTests
| PASSED | SQLInjectionPoint | test.ts:210:28:210:53 | // test ... onPoint |
| PASSED | SQLInjectionPoint | test.ts:213:56:213:81 | // test ... onPoint |
| PASSED | SQLInjectionPoint | test.ts:217:56:217:81 | // test ... onPoint |
| PASSED | SQLInjectionPoint | test.ts:223:29:223:54 | // test ... onPoint |
failingPositiveTests