JS: implement getADataNode for AxiosUrlRequest

javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll

@@ -116,31 +116,36 @@ private class RequestUrlRequest extends CustomClientRequest {
  */
 private class AxiosUrlRequest extends CustomClientRequest {
 
-  DataFlow::Node url;
+  string method;
 
   AxiosUrlRequest() {
     exists (string moduleName, DataFlow::SourceNode callee |
       this = callee.getACall() |
       moduleName = "axios" and
       (
-        callee = DataFlow::moduleImport(moduleName) or
-        callee = DataFlow::moduleMember(moduleName, httpMethodName()) or
-        callee = DataFlow::moduleMember(moduleName, "request")
-      ) and
-      (
-        url = getArgument(0) or
-        // depends on the method name and the call arity, over-approximating slightly in the name of simplicity
-        url = getOptionArgument([0..2], urlPropertyName())
+        callee = DataFlow::moduleImport(moduleName) and method = "request" or
+        callee = DataFlow::moduleMember(moduleName, method) and (method = httpMethodName() or method = "request")
       )
     )
   }
 
   override DataFlow::Node getUrl() {
-    result = url
+    result = getArgument(0) or
+    // depends on the method name and the call arity, over-approximating slightly in the name of simplicity
+    result = getOptionArgument([0..2], urlPropertyName())
   }
 
   override DataFlow::Node getADataNode() {
-    none()
+    method = "request" and
+    result = getOptionArgument(0, "data")
+    or
+    (method = "post" or method = "put" or method = "put") and
+    (result = getArgument(1) or result = getOptionArgument(2, "data"))
+    or
+    exists (string name |
+      name = "headers" or name = "params"|
+      result = getOptionArgument([0..2], name)
+    )
   }
 
 }