
Commit 4d85799

committed
JS: Add test for fastify-rate-limit
1 parent 615b2ec commit 4d85799


2 files changed

+7
-0
lines changed


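--- a/javascript/ql/test/query-tests/Security/CWE-770/MissingRateLimiting.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-770/MissingRateLimiting.expected
@@ -8,3 +8,4 @@
 | tst.js:38:20:38:36 | expensiveHandler4 | This route handler performs $@, but is not rate-limited. | tst.js:17:40:17:83 | connect ... ution') | a database access |
 | tst.js:64:25:64:63 | functio ... req); } | This route handler performs $@, but is not rate-limited. | tst.js:64:46:64:60 | verifyUser(req) | authorization |
 | tst.js:76:25:76:53 | catchAs ... ndler1) | This route handler performs $@, but is not rate-limited. | tst.js:14:40:14:46 | login() | authorization |
+| tst.js:88:24:88:40 | expensiveHandler1 | This route handler performs $@, but is not rate-limited. | tst.js:14:40:14:46 | login() | authorization |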

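--- a/javascript/ql/test/query-tests/Security/CWE-770/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-770/tst.js
@@ -82,3 +82,9 @@ function errorHandler(req, res, next) {
 next(makeOAuthError(req, res));
 }
 express().use(errorHandler); // OK - does not perform authentication
+
+const fastifyApp = require('fastify')();
+
+fastifyApp.get('/foo', expensiveHandler1); // NOT OK
+fastifyApp.register(require('fastify-rate-limit'));
+fastifyApp.get('/bar', expensiveHandler1); // OK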
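Review bot: The new fastify cases on tst.js lines 88–90 only exercise the plugin registered app-wide with default options, so nothing here pins down what the query reports when `fastify-rate-limit` is registered with `{ global: false }`, where the plugin limits only routes that opt in through their route config. If the model treats any `register(require('fastify-rate-limit'))` call as covering every later route, that configuration would be a false negative for CWE-770. A second app instance with `app2.register(require('fastify-rate-limit'), { global: false });` followed by `app2.get('/baz', expensiveHandler1); // NOT OK` (plus its row in MissingRateLimiting.expected) would make the intended behaviour explicit. The comment on line 88 would also be clearer as `// NOT OK - declared before the rate limiter is registered`, since the ordering is what distinguishes it from line 90.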
