Added support for putForm.

Napalys · Napalys · commit 7fe943d8b21d · 2025-03-25T10:42:04.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -222,7 +222,7 @@ module ClientRequest {
       method = "request"
       or
       this = axios().getMember(method).getACall() and
-      method = [httpMethodName(), "request", "postForm"]
+      method = [httpMethodName(), "request", "postForm", "putForm"]
     }
 
     private int getOptionsArgIndex() {
@@ -254,7 +254,7 @@ module ClientRequest {
       method = ["post", "put"] and
       result = [this.getArgument(1), this.getOptionArgument(2, "data")]
       or
-      method = ["postForm"] and result = this.getArgument(1)
+      method = ["postForm", "putForm"] and result = this.getArgument(1)
       or
       result = this.getOptionArgument([0 .. 2], ["headers", "params"])
     }
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected
@@ -104,6 +104,8 @@ test_ClientRequest
 | tst.js:337:5:337:20 | jsonClient.get() |
 | tst.js:340:5:340:21 | jsonClient2.get() |
 | tst.js:344:5:344:37 | axios.p ... config) |
+| tst.js:345:5:345:28 | axios.p ... , data) |
+| tst.js:346:5:346:36 | axios.p ... config) |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} |
@@ -148,6 +150,8 @@ test_getADataNode
 | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data |
 | tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:25:344:28 | data |
+| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:24:345:27 | data |
+| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:24:346:27 | data |
 test_getHost
 | tst.js:87:5:87:39 | http.ge ...  host}) | tst.js:87:34:87:37 | host |
 | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host |
@@ -271,6 +275,8 @@ test_getUrl
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url |
 | tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:20:344:22 | url |
+| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:19:345:21 | url |
+| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:19:346:21 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |
@@ -358,3 +364,5 @@ test_getAResponseDataNode
 | tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true |
 | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true |
 | tst.js:344:5:344:37 | axios.p ... config) | tst.js:344:5:344:37 | axios.p ... config) | json | true |
+| tst.js:345:5:345:28 | axios.p ... , data) | tst.js:345:5:345:28 | axios.p ... , data) | json | true |
+| tst.js:346:5:346:36 | axios.p ... config) | tst.js:346:5:346:36 | axios.p ... config) | json | true |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -342,8 +342,8 @@ function gotTests(url){
 
 function moreAxiosTests(url, data, config){
     axios.postForm(url, data, config);
-    axios.putForm(url, data); // not flagged
-    axios.putForm(url, data, config); // not flagged
+    axios.putForm(url, data);
+    axios.putForm(url, data, config);
     axios.patchForm(url, data); // not flagged
     axios.patchForm(url, data, config); // not flagged
     axios.getUri({ url: url }); // not flagged
