Added test cases for @hapi/hapi

Author: Napalys

javascript/ql/test/library-tests/frameworks/hapi/src/hapihapi.js

@@ -0,0 +1,36 @@
+var server1 = new (require('@hapi/hapi')).Server(); // HTTP::Server
+
+var Hapi = require('@hapi/hapi');
+var server2 = new Hapi.Server(); // HTTP::Server
+
+function handler1(){} // HTTP::RouteHandler
+server2.route({
+    handler: handler1
+});
+
+
+server2.route({
+    handler: function handler2(request, reply){ // HTTP::RouteHandler
+        request.response.header('HEADER1', '') // HTTP::HeaderDefinition
+    }});
+
+server2.ext('onPreResponse', function handler3(request, reply) { // HTTP::RouteHandler
+})
+
+function handler4(request, reply){
+  request.rawPayload;
+  request.payload.foo;
+  request.query.bar;
+  request.url.path;
+  request.headers.baz;
+  request.state.token;
+}
+var route = {handler: handler4};
+server2.route(route);
+
+server2.cache({ segment: 'countries', expiresIn: 60*60*1000 });
+
+function getHandler() {
+    return function (req, h){}
+}
+server2.route({handler: getHandler()});

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/hapi.js

@@ -0,0 +1,22 @@
+const Hapi = require('@hapi/hapi');
+const fs = require('fs').promises;
+
+(async () => {
+    const server = Hapi.server({
+        port: 3005,
+        host: 'localhost'
+    });
+
+    server.route({
+        method: 'GET',
+        path: '/hello',
+        handler: async (request, h) => {
+            const filepath = request.query.filepath; // $ MISSING: Source
+            const data = await fs.readFile(filepath, 'utf8'); // $ MISSING: Alert
+            const firstLine = data.split('\n')[0];
+            return firstLine;
+        }
+    });
+
+    await server.start();
+})();