Commit b6951d8

Author: Esben Sparre Andreasen (committed)
JS: add tests for improved js/missing-rate-limiting
1 parent f7ab29a commit b6951d8

File tree

2 files changed

+4
-0
lines changed


javascript/ql/test/query-tests/Security/CWE-770/MissingRateLimiting.expected

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -6,3 +6,4 @@
66
| tst.js:36:20:36:36 | expensiveHandler2 | This route handler performs $@, but is not rate-limited. | tst.js:15:40:15:73 | fs.writ ... quest") | a file system access |
77
| tst.js:37:20:37:36 | expensiveHandler3 | This route handler performs $@, but is not rate-limited. | tst.js:16:40:16:70 | child_p ... /true") | a system command |
88
| tst.js:38:20:38:36 | expensiveHandler4 | This route handler performs $@, but is not rate-limited. | tst.js:17:40:17:83 | connect ... ution') | a database access |
9+
| tst.js:64:25:64:63 | functio ... req); } | This route handler performs $@, but is not rate-limited. | tst.js:64:46:64:60 | verifyUser(req) | authorization |
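Review bot: the message fragment in the new row, "performs authorization", breaks the parallel with the existing rows, which all use a noun phrase with an article ("a file system access", "a system command", "a database access"); consider "an authorization check" for consistency, which would require the same wording change in the query's message for the authorization case. Also note that the matching negative case (the RateLimit() handler on tst.js line 65) is encoded here only as the absence of a row, so a regression in limiter recognition would surface as an unexpected extra row rather than a diff against a documented expectation; a comment next to that line in tst.js is the only place the intent is recorded.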

javascript/ql/test/query-tests/Security/CWE-770/tst.js

Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -60,3 +60,6 @@ app2.get('/:path', bruteforce.prevent, expensiveHandler1); // OK
6060
var app3 = express();
6161
var limiter = require('express-limiter')(app3);
6262
app3.get('/:path', expensiveHandler1); // OK
63+
64+
express().get('/:path', function(req, res) { verifyUser(req); }); // NOT OK
65+
express().get('/:path', RateLimit(), function(req, res) { verifyUser(req); }); // OK
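Review bot: neither `RateLimit` nor `verifyUser` is declared in the visible context of this hunk; the `// OK` verdict on line 65 only means something if `RateLimit` is bound to the express-rate-limit package via a `require` earlier in tst.js, since the query must recognize that call as a rate-limiting middleware, and the `// NOT OK` verdict on line 64 likewise depends on `verifyUser` being something the query classifies as an authorization step. If those bindings are not already in the file, add them (or a short comment pointing to where they are) so the two cases are not passing for the wrong reason, e.g. an unresolved call that the query simply ignores. Creating a fresh `express()` app on each of the two new lines is a good choice here, as it keeps the limiter on line 65 from leaking into the negative case on line 64.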
