hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/tutorials/Validating RAML-based APIs/MissingResponseSpecification.ql
Anders Schack-Mulligen e58094c732 Javascript: Autoformat.
2019-01-11 11:02:42 +01:00

27 lines
835 B
Plaintext
Raw Permalink Blame History

/**
* @name Missing status code specification
* @description Using undocumented status codes in REST API methods may confuse client applications.
* @kind problem
* @problem.severity warning
*/
import javascript
import Osprey
import RAML
RAMLMethod getSpecification(OspreyMethod om) {
exists(RAMLResource rr, File f, string rPath |
rr.getLocation().getFile() = f and
f = om.getDefinition().getAPI().getSpecFile() and
rPath = om.getResourcePath() and
rr.getPath() = rPath.regexpReplaceAll("/:([^/]+)/", "/{$1}/") and
result = rr.getMethod(om.getVerb())
)
}
from MethodResponseSetStatus mrss, RAMLMethod rm
where
rm = getSpecification(mrss.getMethod()) and
not exists(rm.getResponse(mrss.getStatusCode()))
select mrss, "Response " + mrss.getStatusCode() + " is not specified by $@.", rm, rm.toString()
Reference in New Issue View Git Blame Copy Permalink