Add support for axios.postForm in ClientRequest.

Napalys · Napalys · commit 0f9e1bfe74cf · 2025-03-24T13:45:25.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -222,7 +222,7 @@ module ClientRequest {
       method = "request"
       or
       this = axios().getMember(method).getACall() and
-      method = [httpMethodName(), "request"]
+      method = [httpMethodName(), "request", "postForm"]
     }
 
     private int getOptionsArgIndex() {
@@ -254,6 +254,8 @@ module ClientRequest {
       method = ["post", "put"] and
       result = [this.getArgument(1), this.getOptionArgument(2, "data")]
       or
+      method = ["postForm"] and result = this.getArgument(1)
+      or
       result = this.getOptionArgument([0 .. 2], ["headers", "params"])
     }
 
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected
@@ -97,6 +97,7 @@ test_ClientRequest
 | tst.js:319:5:319:26 | superag ... ', url) |
 | tst.js:320:5:320:23 | superagent.del(url) |
 | tst.js:321:5:321:32 | superag ... st(url) |
+| tst.js:325:5:325:37 | axios.p ... config) |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} |
@@ -140,6 +141,7 @@ test_getADataNode
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:255:25:255:35 | 'new_value' |
 | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data |
+| tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:25:325:28 | data |
 test_getHost
 | tst.js:87:5:87:39 | http.ge ...  host}) | tst.js:87:34:87:37 | host |
 | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host |
@@ -254,6 +256,7 @@ test_getUrl
 | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url |
+| tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:20:325:22 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |
@@ -334,3 +337,4 @@ test_getAResponseDataNode
 | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true |
+| tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:5:325:37 | axios.p ... config) | json | true |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -322,7 +322,7 @@ function useSuperagent(url){
 }
 
 function moreAxiosTests(url, data, config){
-    axios.postForm(url, data, config); // not flagged
+    axios.postForm(url, data, config);
     axios.putForm(url, data); // not flagged
     axios.putForm(url, data, config); // not flagged
     axios.patchForm(url, data); // not flagged

Original file line number	Diff line number	Diff line change
`@@ -322,7 +322,7 @@ function useSuperagent(url){`
`322`	`322`	`}`
`323`	`323`
`324`	`324`	`function moreAxiosTests(url, data, config){`
`325`		`- axios.postForm(url, data, config); // not flagged`
	`325`	`+ axios.postForm(url, data, config);`
`326`	`326`	`axios.putForm(url, data); // not flagged`
`327`	`327`	`axios.putForm(url, data, config); // not flagged`
`328`	`328`	`axios.patchForm(url, data); // not flagged`