Added support for putForm.

Napalys · Napalys · commit ad6066282f05 · 2025-03-24T13:46:14.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
@@ -222,7 +222,7 @@ module ClientRequest {
       method = "request"
       or
       this = axios().getMember(method).getACall() and
-      method = [httpMethodName(), "request", "postForm"]
+      method = [httpMethodName(), "request", "postForm", "putForm"]
     }
 
     private int getOptionsArgIndex() {
@@ -254,7 +254,7 @@ module ClientRequest {
       method = ["post", "put"] and
       result = [this.getArgument(1), this.getOptionArgument(2, "data")]
       or
-      method = ["postForm"] and result = this.getArgument(1)
+      method = ["postForm", "putForm"] and result = this.getArgument(1)
       or
       result = this.getOptionArgument([0 .. 2], ["headers", "params"])
     }
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected
@@ -98,6 +98,8 @@ test_ClientRequest
 | tst.js:320:5:320:23 | superagent.del(url) |
 | tst.js:321:5:321:32 | superag ... st(url) |
 | tst.js:325:5:325:37 | axios.p ... config) |
+| tst.js:326:5:326:28 | axios.p ... , data) |
+| tst.js:327:5:327:36 | axios.p ... config) |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} |
@@ -142,6 +144,8 @@ test_getADataNode
 | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data |
 | tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:25:325:28 | data |
+| tst.js:326:5:326:28 | axios.p ... , data) | tst.js:326:24:326:27 | data |
+| tst.js:327:5:327:36 | axios.p ... config) | tst.js:327:24:327:27 | data |
 test_getHost
 | tst.js:87:5:87:39 | http.ge ...  host}) | tst.js:87:34:87:37 | host |
 | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host |
@@ -257,6 +261,8 @@ test_getUrl
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url |
 | tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:20:325:22 | url |
+| tst.js:326:5:326:28 | axios.p ... , data) | tst.js:326:19:326:21 | url |
+| tst.js:327:5:327:36 | axios.p ... config) | tst.js:327:19:327:21 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |
@@ -338,3 +344,5 @@ test_getAResponseDataNode
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true |
 | tst.js:325:5:325:37 | axios.p ... config) | tst.js:325:5:325:37 | axios.p ... config) | json | true |
+| tst.js:326:5:326:28 | axios.p ... , data) | tst.js:326:5:326:28 | axios.p ... , data) | json | true |
+| tst.js:327:5:327:36 | axios.p ... config) | tst.js:327:5:327:36 | axios.p ... config) | json | true |
diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js
@@ -323,8 +323,8 @@ function useSuperagent(url){
 
 function moreAxiosTests(url, data, config){
     axios.postForm(url, data, config);
-    axios.putForm(url, data); // not flagged
-    axios.putForm(url, data, config); // not flagged
+    axios.putForm(url, data);
+    axios.putForm(url, data, config);
     axios.patchForm(url, data); // not flagged
     axios.patchForm(url, data, config); // not flagged
     axios.getUri({ url: url }); // not flagged
