add support for typed NextJS route-handlers

2026-04-30 03:05:15 +02:00 · 2022-05-10 14:37:47 +02:00
parent 1d10f14629
commit 5e02a76dfd
5 changed files with 60 additions and 9 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected
@@ -62,6 +62,10 @@ nodes
 | koa.js:14:16:14:18 | url |
 | koa.js:20:16:20:18 | url |
 | koa.js:20:16:20:18 | url |
+| next.ts:11:31:11:38 | req.body |
+| next.ts:11:31:11:38 | req.body |
+| next.ts:11:31:11:50 | req.body.callbackUrl |
+| next.ts:11:31:11:50 | req.body.callbackUrl |
 | node.js:5:7:5:52 | target |
 | node.js:5:16:5:39 | url.par ... , true) |
 | node.js:5:16:5:45 | url.par ... ).query |
@@ -147,6 +151,10 @@ edges
 | koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
 | koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
 | koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
+| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
+| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
+| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
+| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
 | node.js:5:7:5:52 | target | node.js:6:34:6:39 | target |
 | node.js:5:7:5:52 | target | node.js:6:34:6:39 | target |
 | node.js:5:16:5:39 | url.par ... , true) | node.js:5:16:5:45 | url.par ... ).query |
@@ -195,6 +203,7 @@ edges
 | koa.js:8:15:8:26 | `${url}${x}` | koa.js:6:12:6:27 | ctx.query.target | koa.js:8:15:8:26 | `${url}${x}` | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
 | koa.js:14:16:14:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:14:16:14:18 | url | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
 | koa.js:20:16:20:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:20:16:20:18 | url | Untrusted URL redirection due to $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
+| next.ts:11:31:11:50 | req.body.callbackUrl | next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | Untrusted URL redirection due to $@. | next.ts:11:31:11:38 | req.body | user-provided value |
 | node.js:6:34:6:39 | target | node.js:5:26:5:32 | req.url | node.js:6:34:6:39 | target | Untrusted URL redirection due to $@. | node.js:5:26:5:32 | req.url | user-provided value |
 | node.js:14:34:14:45 | '/' + target | node.js:10:26:10:32 | req.url | node.js:14:34:14:45 | '/' + target | Untrusted URL redirection due to $@. | node.js:10:26:10:32 | req.url | user-provided value |
 | node.js:31:34:31:55 | target  ... =" + me | node.js:28:26:28:32 | req.url | node.js:31:34:31:55 | target  ... =" + me | Untrusted URL redirection due to $@. | node.js:28:26:28:32 | req.url | user-provided value |
--- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/next.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/next.ts
@@ -0,0 +1,12 @@
+
+import type {
+  NextApiRequest,
+  NextApiResponse,
+} from "next"
+
+export async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+    res.setHeader("Location", req.body.callbackUrl); // NOT OK
+}
--- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/tsconfig.json
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/tsconfig.json
@@ -0,0 +1,3 @@
+{
+    "include": ["."]
+}