hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Enhance SuperAgent URL request handling for both method calls and direct calls

Browse Source
This commit is contained in:
Napalys
2025-03-19 17:50:05 +01:00
parent 2e1734eeba
commit cdf4f5395f
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
View File

@@ -529,8 +529,16 @@ module ClientRequest {
SuperAgentUrlRequest() {
exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() |
moduleName = "superagent" and
callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and
url = this.getArgument(0)
(
// Handle method calls like superagent.get(url)
callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and
url = this.getArgument(0)
or
// Handle direct calls like superagent('GET', url)
callee = DataFlow::moduleImport(moduleName) and
this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and
url = this.getArgument(1)
)
)
}