JS: recognize Express header access with dynamic name

2026-04-26 17:25:19 +02:00 · 2018-09-26 08:22:21 +01:00
parent e78a4e9f10
commit a47b1dc774
3 changed files with 6 additions and 4 deletions
--- a/javascript/ql/test/library-tests/frameworks/Express/RequestInputAccess.expected
+++ b/javascript/ql/test/library-tests/frameworks/Express/RequestInputAccess.expected
@@ -12,6 +12,7 @@
 | src/express.js:28:3:28:16 | req.get("foo") | header | src/express.js:22:30:32:1 | functio ... ar');\\n} |
 | src/express.js:29:3:29:19 | req.header("bar") | header | src/express.js:22:30:32:1 | functio ... ar');\\n} |
 | src/express.js:30:3:30:13 | req.cookies | cookie | src/express.js:22:30:32:1 | functio ... ar');\\n} |
-| src/express.js:47:3:47:17 | req.headers.baz | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
-| src/express.js:48:3:48:10 | req.host | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
-| src/express.js:49:3:49:14 | req.hostname | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
+| src/express.js:47:3:47:17 | req.headers.baz | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
+| src/express.js:48:3:48:10 | req.host | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
+| src/express.js:49:3:49:14 | req.hostname | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
+| src/express.js:50:3:50:32 | req.hea ... erName] | header | src/express.js:46:22:51:1 | functio ... ame];\\n} |
--- a/javascript/ql/test/library-tests/frameworks/Express/src/express.js
+++ b/javascript/ql/test/library-tests/frameworks/Express/src/express.js
@@ -47,4 +47,5 @@ app.post('/headers', function(req, res) {
  req.headers.baz;
  req.host;
  req.hostname;
+  req.headers[config.headerName];
 });