add test for express-ws as a source

erik-krogh · erik-krogh · commit 6192544fb4c8 · 2023-02-13T15:26:50.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected
@@ -89,6 +89,10 @@ nodes
 | express.js:34:17:34:35 | req.param("wobble") |
 | express.js:43:15:43:19 | taint |
 | express.js:43:15:43:19 | taint |
+| express.js:49:30:49:32 | msg |
+| express.js:49:30:49:32 | msg |
+| express.js:50:10:50:12 | msg |
+| express.js:50:10:50:12 | msg |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
@@ -225,6 +229,10 @@ edges
 | express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
 | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
 | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
 | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
@@ -321,6 +329,7 @@ edges
 | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:21:19:21:48 | req.par ... ntext") | user-provided value |
 | express.js:27:34:27:38 | taint | express.js:26:17:26:35 | req.param("wobble") | express.js:27:34:27:38 | taint | This code execution depends on a $@. | express.js:26:17:26:35 | req.param("wobble") | user-provided value |
 | express.js:43:15:43:19 | taint | express.js:34:17:34:35 | req.param("wobble") | express.js:43:15:43:19 | taint | This code execution depends on a $@. | express.js:34:17:34:35 | req.param("wobble") | user-provided value |
+| express.js:50:10:50:12 | msg | express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | This code execution depends on a $@. | express.js:49:30:49:32 | msg | user-provided value |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | This code execution depends on a $@. | module.js:9:16:9:29 | req.query.code | user-provided value |
 | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | This code execution depends on a $@. | module.js:11:17:11:30 | req.query.code | user-provided value |
 | react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected
@@ -93,6 +93,10 @@ nodes
 | express.js:34:17:34:35 | req.param("wobble") |
 | express.js:43:15:43:19 | taint |
 | express.js:43:15:43:19 | taint |
+| express.js:49:30:49:32 | msg |
+| express.js:49:30:49:32 | msg |
+| express.js:50:10:50:12 | msg |
+| express.js:50:10:50:12 | msg |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
@@ -233,6 +237,10 @@ edges
 | express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
 | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
 | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
+| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
 | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/express.js b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/express.js
@@ -42,4 +42,11 @@ app.get('/terminal', function(req, res) {
 
   shell.write(taint); // NOT OK
 });
-  
+  
+require("express-ws")(app);
+
+app.ws("/socket-thing/", function (ws, req) {
+  ws.on("message", function (msg) {
+    eval(msg); // NOT OK
+  });
+});
