support host for http-proxy client requests

Author: erik-krogh

javascript/ql/src/semmle/javascript/frameworks/HttpProxy.qll

@@ -21,7 +21,9 @@ private module HttpProxy {
 
     override DataFlow::Node getUrl() { result = getParameter(0).getMember("target").getARhs() }
 
-    override DataFlow::Node getHost() { none() }
+    override DataFlow::Node getHost() {
+      result = getParameter(0).getMember("target").getMember("host").getARhs()
+    }
 
     override DataFlow::Node getADataNode() { none() }
   }
@@ -37,17 +39,21 @@ private module HttpProxy {
       this = any(CreateServerCall server).getReturn().getMember(method).getACall()
     }
 
-    override DataFlow::Node getUrl() {
+    private API::Node getOptionsObject() {
       exists(int optionsIndex |
         method = "web" and optionsIndex = 2
         or
         method = "ws" and optionsIndex = 3
       |
-        result = getParameter(optionsIndex).getMember("target").getARhs()
+        result = getParameter(optionsIndex)
       )
     }
 
-    override DataFlow::Node getHost() { none() }
+    override DataFlow::Node getUrl() { result = getOptionsObject().getMember("target").getARhs() }
+
+    override DataFlow::Node getHost() {
+      result = getOptionsObject().getMember("target").getMember("host").getARhs()
+    }
 
     override DataFlow::Node getADataNode() { none() }
   }

javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected

@@ -82,6 +82,7 @@ test_ClientRequest
 | tst.js:267:1:267:61 | httpPro ... 9000'}) |
 | tst.js:269:13:269:48 | httpPro ... ptions) |
 | tst.js:271:3:271:61 | proxy.w ... 080' }) |
+| tst.js:274:1:283:2 | httpPro ... true\\n}) |
 test_getADataNode
 | tst.js:53:5:53:23 | axios({data: data}) | tst.js:53:18:53:21 | data |
 | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:19:57:23 | data1 |
@@ -127,6 +128,7 @@ test_getHost
 | tst.js:93:5:93:35 | net.req ... host }) | tst.js:93:29:93:32 | host |
 | tst.js:219:5:219:41 | data.so ... Host"}) | tst.js:219:32:219:39 | "myHost" |
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:259:11:259:23 | 'example.org' |
+| tst.js:274:1:283:2 | httpPro ... true\\n}) | tst.js:277:15:277:30 | 'my-domain-name' |
 test_getUrl
 | apollo.js:5:18:5:78 | new cre ... hql' }) | apollo.js:5:44:5:75 | 'https: ... raphql' |
 | apollo.js:10:1:10:54 | new Htt ... hql' }) | apollo.js:10:21:10:51 | 'http:/ ... raphql' |
@@ -215,6 +217,7 @@ test_getUrl
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:257:13:262:1 | {\\n    m ... ers()\\n} |
 | tst.js:267:1:267:61 | httpPro ... 9000'}) | tst.js:267:37:267:59 | 'http:/ ... t:9000' |
 | tst.js:271:3:271:61 | proxy.w ... 080' }) | tst.js:271:33:271:58 | 'http:/ ... m:8080' |
+| tst.js:274:1:283:2 | httpPro ... true\\n}) | tst.js:275:13:281:5 | {\\n      ... ,\\n    } |
 test_getAResponseDataNode
 | tst.js:19:5:19:23 | requestPromise(url) | tst.js:19:5:19:23 | requestPromise(url) | text | true |
 | tst.js:21:5:21:23 | superagent.get(url) | tst.js:21:5:21:23 | superagent.get(url) | stream | true |

javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js

@@ -270,3 +270,14 @@ var proxy = httpProxy.createProxyServer(options);
 http.createServer(function(req, res) {
   proxy.web(req, res, { target: 'http://mytarget.com:8080' });
 });
+
+httpProxy.createProxyServer({
+    target: {
+        protocol: 'https:',
+        host: 'my-domain-name',
+        port: 443,
+        pfx: fs.readFileSync('path/to/certificate.p12'),
+        passphrase: 'password',
+    },
+    changeOrigin: true
+}).listen(8000);