github
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-089/tsconfig.json‎
Lines changed: 0 additions & 1 deletion b/‎javascript/ql/test/query-tests/Security/CWE-089/tsconfig.json‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected‎
Lines changed: 15 additions & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎…ests/Security/CWE-089/SqlInjection.qlref‎ ‎…ecurity/CWE-089/typed/SqlInjection.qlref‎javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.qlref renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.qlref b/‎…ests/Security/CWE-089/SqlInjection.qlref‎ ‎…ecurity/CWE-089/typed/SqlInjection.qlref‎javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.qlref renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.qlref
diff --git a/‎…t/query-tests/Security/CWE-089/shim.d.ts‎ ‎…y-tests/Security/CWE-089/typed/shim.d.ts‎javascript/ql/test/query-tests/Security/CWE-089/shim.d.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/shim.d.ts b/‎…t/query-tests/Security/CWE-089/shim.d.ts‎ ‎…y-tests/Security/CWE-089/typed/shim.d.ts‎javascript/ql/test/query-tests/Security/CWE-089/shim.d.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/shim.d.ts
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-089/typed/tsconfig.json‎
Lines changed: 6 additions & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-089/typed/tsconfig.json‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎…ry-tests/Security/CWE-089/typedClient.ts‎ ‎…ts/Security/CWE-089/typed/typedClient.ts‎javascript/ql/test/query-tests/Security/CWE-089/typedClient.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/typedClient.ts
Lines changed: 2 additions & 2 deletions b/‎…ry-tests/Security/CWE-089/typedClient.ts‎ ‎…ts/Security/CWE-089/typed/typedClient.ts‎javascript/ql/test/query-tests/Security/CWE-089/typedClient.ts renamed to javascript/ql/test/query-tests/Security/CWE-089/typed/typedClient.ts
Lines changed: 2 additions & 2 deletions
diff --git a/‎…s/Security/CWE-089/SqlInjection.expected‎ ‎…ty/CWE-089/untyped/SqlInjection.expected‎javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.expected renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
Lines changed: 0 additions & 12 deletions b/‎…s/Security/CWE-089/SqlInjection.expected‎ ‎…ty/CWE-089/untyped/SqlInjection.expected‎javascript/ql/test/query-tests/Security/CWE-089/SqlInjection.expected renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
Lines changed: 0 additions & 12 deletions
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.qlref‎
Lines changed: 1 addition & 0 deletions b/‎javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.qlref‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎…/query-tests/Security/CWE-089/mongodb.js‎ ‎…ests/Security/CWE-089/untyped/mongodb.js‎javascript/ql/test/query-tests/Security/CWE-089/mongodb.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb.js b/‎…/query-tests/Security/CWE-089/mongodb.js‎ ‎…ests/Security/CWE-089/untyped/mongodb.js‎javascript/ql/test/query-tests/Security/CWE-089/mongodb.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb.js
diff --git a/‎…sts/Security/CWE-089/mongodb_bodySafe.js‎ ‎…rity/CWE-089/untyped/mongodb_bodySafe.js‎javascript/ql/test/query-tests/Security/CWE-089/mongodb_bodySafe.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb_bodySafe.js b/‎…sts/Security/CWE-089/mongodb_bodySafe.js‎ ‎…rity/CWE-089/untyped/mongodb_bodySafe.js‎javascript/ql/test/query-tests/Security/CWE-089/mongodb_bodySafe.js renamed to javascript/ql/test/query-tests/Security/CWE-089/untyped/mongodb_bodySafe.js
@@ -0,0 +1,15 @@
+nodes
+| typedClient.ts:13:7:13:32 | v |
+| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
+| typedClient.ts:13:22:13:29 | req.body |
+| typedClient.ts:13:22:13:31 | req.body.x |
+| typedClient.ts:14:24:14:32 | { id: v } |
+| typedClient.ts:14:30:14:30 | v |
+edges
+| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
+| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
+| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
+| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
+| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
+#select
+| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
@@ -0,0 +1,6 @@
+{
+  "include": ["."],
+  "compilerOptions": {
+    "esModuleInterop": true
+  }
+}
@@ -1,7 +1,7 @@
 import * as mongodb from "mongodb";
 
-import express from 'express';
-import bodyParser from 'body-parser';
+const express = require('express') as any;
+const bodyParser = require('body-parser') as any;
 
 declare function getCollection(): mongodb.Collection;
 
 
@@ -63,12 +63,6 @@ nodes
 | tst4.js:8:46:8:60 | $routeParams.id |
 | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
 | tst.js:10:46:10:58 | req.params.id |
-| typedClient.ts:13:7:13:32 | v |
-| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
-| typedClient.ts:13:22:13:29 | req.body |
-| typedClient.ts:13:22:13:31 | req.body.x |
-| typedClient.ts:14:24:14:32 | { id: v } |
-| typedClient.ts:14:30:14:30 | v |
 edges
 | mongodb.js:12:11:12:20 | query | mongodb.js:14:59:14:58 | query |
 | mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query |
@@ -162,11 +156,6 @@ edges
 | tst.js:10:10:10:58 | 'SELECT ... rams.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
 | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:58 | 'SELECT ... rams.id |
 | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' |
-| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
-| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
-| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
-| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
-| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
 #select
 | mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on $@. | mongodb.js:13:19:13:26 | req.body | a user-provided value |
 | mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on $@. | mongodb.js:26:19:26:26 | req.body | a user-provided value |
@@ -193,4 +182,3 @@ edges
 | tst3.js:10:14:10:19 | query1 | tst3.js:9:16:9:34 | req.params.category | tst3.js:10:14:10:19 | query1 | This query depends on $@. | tst3.js:9:16:9:34 | req.params.category | a user-provided value |
 | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on $@. | tst4.js:8:46:8:60 | $routeParams.id | a user-provided value |
 | tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on $@. | tst.js:10:46:10:58 | req.params.id | a user-provided value |
-| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on $@. | typedClient.ts:13:22:13:29 | req.body | a user-provided value |
@@ -0,0 +1 @@
+Security/CWE-089/SqlInjection.ql