File tree Expand file tree Collapse file tree 3 files changed +20
-0
lines changed
src/semmle/javascript/frameworks
test/library-tests/frameworks/Express Expand file tree Collapse file tree 3 files changed +20
-0
lines changed Original file line number Diff line number Diff line change @@ -479,6 +479,17 @@ module Express {
479479 methodName = "header"
480480 )
481481 or
482+ exists ( DataFlow:: PropRead headers |
483+ // `req.headers.name`
484+ kind = "header" and
485+ headers .accesses ( request , "headers" ) and
486+ this = headers .getAPropertyRead ( _) )
487+ or
488+ exists ( string propName | propName = "host" or propName = "hostname" |
489+ // `req.host` and `req.hostname` are derived from headers
490+ kind = "header" and
491+ this .( DataFlow:: PropRead ) .accesses ( request , propName ) )
492+ or
482493 // `req.cookies`
483494 kind = "cookie" and
484495 this .( DataFlow:: PropRef ) .accesses ( request , "cookies" )
Original file line number Diff line number Diff line change 1212| src/express.js:28:3:28:16 | req.get("foo") | header | src/express.js:22:30:32:1 | functio ... ar');\\n} |
1313| src/express.js:29:3:29:19 | req.header("bar") | header | src/express.js:22:30:32:1 | functio ... ar');\\n} |
1414| src/express.js:30:3:30:13 | req.cookies | cookie | src/express.js:22:30:32:1 | functio ... ar');\\n} |
15+ | src/express.js:47:3:47:17 | req.headers.baz | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
16+ | src/express.js:48:3:48:10 | req.host | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
17+ | src/express.js:49:3:49:14 | req.hostname | header | src/express.js:46:22:50:1 | functio ... name;\\n} |
Original file line number Diff line number Diff line change @@ -42,3 +42,9 @@ function getArrowHandler() {
4242 return ( req , res ) => f ( ) ;
4343}
4444app . use ( getArrowHandler ( ) ) ;
45+
46+ app . post ( '/headers' , function ( req , res ) {
47+ req . headers . baz ;
48+ req . host ;
49+ req . hostname ;
50+ } ) ;
You can’t perform that action at this time.
0 commit comments