JS: remove speculative property access sink from js/server-crash

2026-04-29 10:45:15 +02:00 · 2020-06-10 21:40:12 +02:00
parent 1d396524a3
commit d6ae905eac
3 changed files with 2 additions and 19 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-730/ServerCrash.expected
@@ -4,4 +4,3 @@
 | server-crash.js:28:5:28:14 | throw err; | When an exception is thrown here and later exits $@, the server of $@ will crash. | server-crash.js:27:28:29:3 | (err, x ...  OK\\n  } | an asynchronous function | server-crash.js:31:25:73:1 | (req, r ...   });\\n} | this route handler |
 | server-crash.js:33:5:33:14 | throw err; | When an exception is thrown here and later exits $@, the server of $@ will crash. | server-crash.js:32:28:34:3 | (err, x ...  OK\\n  } | an asynchronous function | server-crash.js:31:25:73:1 | (req, r ...   });\\n} | this route handler |
 | server-crash.js:41:5:41:48 | res.set ... header) | When an exception is thrown here and later exits $@, the server of $@ will crash. | server-crash.js:40:28:42:3 | (err, x ...  OK\\n  } | an asynchronous function | server-crash.js:31:25:73:1 | (req, r ...   });\\n} | this route handler |
-| server-crash.js:68:5:68:21 | req.query.foo.bar | When an exception is thrown here and later exits $@, the server of $@ will crash. | server-crash.js:67:28:69:3 | (err, x ...  OK\\n  } | an asynchronous function | server-crash.js:31:25:73:1 | (req, r ...   });\\n} | this route handler |
--- a/javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
+++ b/javascript/ql/test/query-tests/Security/CWE-730/server-crash.js
@@ -65,7 +65,7 @@ app.get("/async-throw", (req, res) => {
  });

  fs.readFile("/WHATEVER", (err, x) => {
-    req.query.foo.bar; // NOT OK
+    req.query.foo.bar; // NOT OK [INCONSISTENCY]: need to add property reads as sinks
  });
  fs.readFile("/WHATEVER", (err, x) => {
    res.setHeader("reflected", unknown); // OK