Add support for axios.postForm in ClientRequest.

Napalys · Napalys · commit 69fe251eac1e · 2025-03-25T10:41:08.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -222,7 +222,7 @@ module ClientRequest {
       method = "request"
       or
       this = axios().getMember(method).getACall() and
-      method = [httpMethodName(), "request"]
+      method = [httpMethodName(), "request", "postForm"]
     }
 
     private int getOptionsArgIndex() {
@@ -254,6 +254,8 @@ module ClientRequest {
       method = ["post", "put"] and
       result = [this.getArgument(1), this.getOptionArgument(2, "data")]
       or
+      method = ["postForm"] and result = this.getArgument(1)
+      or
       result = this.getOptionArgument([0 .. 2], ["headers", "params"])
     }
 
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected
@@ -103,6 +103,7 @@ test_ClientRequest
 | tst.js:334:5:334:25 | got.pag ... rl, {}) |
 | tst.js:337:5:337:20 | jsonClient.get() |
 | tst.js:340:5:340:21 | jsonClient2.get() |
+| tst.js:344:5:344:37 | axios.p ... config) |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} |
@@ -146,6 +147,7 @@ test_getADataNode
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:255:25:255:35 | 'new_value' |
 | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data |
+| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:25:344:28 | data |
 test_getHost
 | tst.js:87:5:87:39 | http.ge ...  host}) | tst.js:87:34:87:37 | host |
 | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host |
@@ -268,6 +270,7 @@ test_getUrl
 | tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url |
+| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:20:344:22 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |
@@ -354,3 +357,4 @@ test_getAResponseDataNode
 | tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:5:334:25 | got.pag ... rl, {}) | text | true |
 | tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true |
+| tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:5:344:37 | axios.p ... config) | json | true |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -341,7 +341,7 @@ function gotTests(url){
 }
 
 function moreAxiosTests(url, data, config){
-    axios.postForm(url, data, config); // not flagged
+    axios.postForm(url, data, config);
     axios.putForm(url, data); // not flagged
     axios.putForm(url, data, config); // not flagged
     axios.patchForm(url, data); // not flagged

Original file line number	Diff line number	Diff line change
`@@ -341,7 +341,7 @@ function gotTests(url){`
`341`	`341`	`}`
`342`	`342`
`343`	`343`	`function moreAxiosTests(url, data, config){`
`344`		`- axios.postForm(url, data, config); // not flagged`
	`344`	`+ axios.postForm(url, data, config);`
`345`	`345`	`axios.putForm(url, data); // not flagged`
`346`	`346`	`axios.putForm(url, data, config); // not flagged`
`347`	`347`	`axios.patchForm(url, data); // not flagged`