initial tests

Alvaro Muñoz · Alvaro Muñoz · commit ea8edb8408c6 · 2022-10-13T11:32:21.000+02:00
diff --git a/javascript/ql/test/library-tests/frameworks/Express/XSS.qll b/javascript/ql/test/library-tests/frameworks/Express/XSS.qll
@@ -0,0 +1,6 @@
+import javascript 
+import semmle.javascript.security.dataflow.ReflectedXssCustomizations
+
+query predicate test_XSS(ReflectedXss::Sink sink, Http::ResponseSendArgument res) {
+  sink = res
+}
diff --git a/javascript/ql/test/library-tests/frameworks/Express/src/express.js b/javascript/ql/test/library-tests/frameworks/Express/src/express.js
@@ -34,12 +34,12 @@ app.post('/some/other/path', function(req, res) {
 app.get('/', require('./exportedHandler.js').handler);
 
 function getHandler() {
-    return function (req, res){}
+  return function(req, res) { }
 }
 app.use(getHandler());
 
 function getArrowHandler() {
-    return (req, res) => f();
+  return (req, res) => f();
 }
 app.use(getArrowHandler());
 
@@ -49,3 +49,21 @@ app.post('/headers', function(req, res) {
   req.hostname;
   req.headers[config.headerName];
 });
+
+app.get('/some/xss1', function(req, res) {
+  res.header("Content-Type", "text/html");
+  res.send(req.params.foo)
+  foo(res);
+});
+
+app.get('/some/xss2', function(req, res) {
+  res.header("Content-Type", "application/xml");
+  res.send(req.params.foo)
+  foo(res);
+});
+
+app.get('/some/non-xss1', function(req, res) {
+  res.header("Content-Type", "text/plain");
+  res.send(req.params.foo)
+  foo(res);
+});
