Added test case with inheretence.

Napalys · Napalys · commit 056bf4fde7bc · 2025-03-20T13:08:56.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts
@@ -11,4 +11,17 @@ function createApolloServer(typeDefs) {
         },
       };
     const server = new ApolloServer({typeDefs, resolvers});
+
+    const resolvers2 = {
+      Mutation: {
+        downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery]
+          files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery]
+          return true;
+        },
+      },
+    };
+    
+    class CustomApollo extends ApolloServer {}
+
+    const srv = new CustomApollo({typeDefs, resolvers: resolvers2});
 }
