hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #118 from esben-semmle/js/request-forgery

Browse Source 
Approved by asger-semmle
This commit is contained in:
semmle-qlci
2018-09-11 16:28:59 +01:00
committed by GitHub
parent 5fef916683 aaf1ac770d
commit b17aeb689c
21 changed files with 628 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.expected Normal file
View File

@@ -0,0 +1,18 @@
| tst.js:11:5:11:16 | request(url) |
| tst.js:13:5:13:20 | request.get(url) |
| tst.js:15:5:15:23 | request.delete(url) |
| tst.js:17:5:17:25 | request ... url }) |
| tst.js:19:5:19:23 | requestPromise(url) |
| tst.js:21:5:21:23 | superagent.get(url) |
| tst.js:23:5:23:17 | http.get(url) |
| tst.js:25:5:25:14 | axios(url) |
| tst.js:27:5:27:18 | axios.get(url) |
| tst.js:29:5:29:23 | axios({ url: url }) |
| tst.js:31:5:31:12 | got(url) |
| tst.js:33:5:33:19 | got.stream(url) |
| tst.js:35:5:35:21 | window.fetch(url) |
| tst.js:37:5:37:18 | nodeFetch(url) |
| tst.js:39:5:39:20 | net.request(url) |
| tst.js:41:5:41:29 | net.req ... url }) |
| tst.js:43:5:43:26 | new Cli ... st(url) |
| tst.js:45:5:45:35 | new Cli ... url }) |

4
javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest.ql Normal file
View File

@@ -0,0 +1,4 @@
import javascript
from ClientRequest r
select r

22
javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getUrl.expected Normal file
View File

@@ -0,0 +1,22 @@
| tst.js:11:5:11:16 | request(url) | tst.js:11:13:11:15 | url |
| tst.js:13:5:13:20 | request.get(url) | tst.js:13:17:13:19 | url |
| tst.js:15:5:15:23 | request.delete(url) | tst.js:15:20:15:22 | url |
| tst.js:17:5:17:25 | request ... url }) | tst.js:17:13:17:24 | { url: url } |
| tst.js:17:5:17:25 | request ... url }) | tst.js:17:20:17:22 | url |
| tst.js:19:5:19:23 | requestPromise(url) | tst.js:19:20:19:22 | url |
| tst.js:21:5:21:23 | superagent.get(url) | tst.js:21:20:21:22 | url |
| tst.js:23:5:23:17 | http.get(url) | tst.js:23:14:23:16 | url |
| tst.js:25:5:25:14 | axios(url) | tst.js:25:11:25:13 | url |
| tst.js:27:5:27:18 | axios.get(url) | tst.js:27:15:27:17 | url |
| tst.js:29:5:29:23 | axios({ url: url }) | tst.js:29:11:29:22 | { url: url } |
| tst.js:29:5:29:23 | axios({ url: url }) | tst.js:29:18:29:20 | url |
| tst.js:31:5:31:12 | got(url) | tst.js:31:9:31:11 | url |
| tst.js:33:5:33:19 | got.stream(url) | tst.js:33:16:33:18 | url |
| tst.js:35:5:35:21 | window.fetch(url) | tst.js:35:18:35:20 | url |
| tst.js:37:5:37:18 | nodeFetch(url) | tst.js:37:15:37:17 | url |
| tst.js:39:5:39:20 | net.request(url) | tst.js:39:17:39:19 | url |
| tst.js:41:5:41:29 | net.req ... url }) | tst.js:41:17:41:28 | { url: url } |
| tst.js:41:5:41:29 | net.req ... url }) | tst.js:41:24:41:26 | url |
| tst.js:43:5:43:26 | new Cli ... st(url) | tst.js:43:23:43:25 | url |
| tst.js:45:5:45:35 | new Cli ... url }) | tst.js:45:23:45:34 | { url: url } |
| tst.js:45:5:45:35 | new Cli ... url }) | tst.js:45:30:45:32 | url |

4
javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequest_getUrl.ql Normal file
View File

@@ -0,0 +1,4 @@
import javascript
from ClientRequest r
select r, r.getUrl()

50
javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js Normal file
View File

@@ -0,0 +1,50 @@
import request from 'request';
import requestPromise from 'request-promise';
import superagent from 'superagent';
import http from 'http';
import express from 'express';
import axios from 'axios';
import got from 'got';
import nodeFetch from 'node-fetch';
import {ClientRequest, net} from 'electron';
(function() {
request(url);
request.get(url);
request.delete(url);
request({ url: url });
requestPromise(url);
superagent.get(url);
http.get(url);
axios(url);
axios.get(url);
axios({ url: url });
got(url);
got.stream(url);
window.fetch(url);
nodeFetch(url);
net.request(url);
net.request({ url: url });
new ClientRequest(url);
new ClientRequest({ url: url });
unknown(url);
unknown({ url:url });
});

2
javascript/ql/test/library-tests/frameworks/Electron/ClientRequest.ql
View File

@@ -1,4 +1,4 @@
import javascript
from NodeJSLib::ClientRequest cr
from Electron::ElectronClientRequest cr
select cr

2
javascript/ql/test/library-tests/frameworks/NodeJSLib/ClientRequest.ql
View File

@@ -1,4 +1,4 @@
import javascript
from NodeJSLib::ClientRequest cr
from NodeJSLib::NodeJSClientRequest cr
select cr