add test for https.createServer in DisablingCertificateValidation.ql

erik-krogh · erik-krogh · commit 47783326c277 · 2023-03-30T14:15:25.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-295/DisablingCertificateValidation.expected b/javascript/ql/test/query-tests/Security/CWE-295/DisablingCertificateValidation.expected
@@ -9,3 +9,4 @@
 | tst.js:45:2:45:28 | rejectU ... !!false | Disabling certificate validation is strongly discouraged. |
 | tst.js:48:2:48:26 | rejectU ... : !true | Disabling certificate validation is strongly discouraged. |
 | tst.js:74:9:74:33 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
+| tst.js:80:5:80:29 | rejectU ... : false | Disabling certificate validation is strongly discouraged. |
diff --git a/javascript/ql/test/query-tests/Security/CWE-295/tst.js b/javascript/ql/test/query-tests/Security/CWE-295/tst.js
@@ -74,4 +74,8 @@ function getSomeunsafeOptions() {
         rejectUnauthorized: false // NOT OK
     }
 }
-new https.Agent(getSomeunsafeOptions());
+new https.Agent(getSomeunsafeOptions());
+
+https.createServer({
+    rejectUnauthorized: false // NOT OK
+});

Original file line number	Diff line number	Diff line change
`@@ -74,4 +74,8 @@ function getSomeunsafeOptions() {`
`74`	`74`	`rejectUnauthorized: false // NOT OK`
`75`	`75`	`}`
`76`	`76`	`}`
`77`		`-new https.Agent(getSomeunsafeOptions());`
	`77`	`+new https.Agent(getSomeunsafeOptions());`
	`78`	`+`
	`79`	`+https.createServer({`
	`80`	`+ rejectUnauthorized: false // NOT OK`
	`81`	`+});`