JavaScript: Switch MissingRateLimiting.qll to API graphs.

The added test shows how this helps us avoid false positives.
2026-04-30 19:26:02 +02:00 · 2020-08-25 11:14:16 +01:00
parent e34a821cc6
commit e3a9906071
3 changed files with 24 additions and 14 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-770/rateLimit.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-770/rateLimit.ts
@@ -0,0 +1,5 @@
+import rateLimit from 'express-rate-limit';
+
+const rateLimitMiddleware = rateLimit();
+
+export default rateLimitMiddleware;
--- a/javascript/ql/test/query-tests/Security/CWE-770/tst2.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-770/tst2.ts
@@ -0,0 +1,8 @@
+import express from 'express';
+import rateLimiter from './rateLimit';
+
+const app = express();
+app.use(rateLimiter);
+app.get('/', (req, res) => {
+    res.sendFile('index.html'); // OK
+});