add ClientRequst models for http-proxy

Author: erik-krogh

javascript/ql/src/javascript.qll

@@ -94,6 +94,7 @@ import semmle.javascript.frameworks.LazyCache
 import semmle.javascript.frameworks.LodashUnderscore
 import semmle.javascript.frameworks.Logging
 import semmle.javascript.frameworks.HttpFrameworks
+import semmle.javascript.frameworks.HttpProxy
 import semmle.javascript.frameworks.Markdown
 import semmle.javascript.frameworks.NoSQL
 import semmle.javascript.frameworks.PkgCloud

javascript/ql/src/semmle/javascript/frameworks/HttpProxy.qll

@@ -0,0 +1,54 @@
+/**
+ * Provides classes and predicates for working with the [http-proxy](https://www.npmjs.com/package/http-proxy) library.
+ */
+
+import javascript
+
+/**
+ * Provides classes and predicates modelling the [http-proxy](https://www.npmjs.com/package/http-proxy) library.
+ */
+private module HttpProxy {
+  /**
+   * A call that creates a http proxy.
+   */
+  class CreateServerCall extends API::CallNode, ClientRequest::Range {
+    CreateServerCall() {
+      this =
+        API::moduleImport("http-proxy")
+            .getMember(["createServer", "createProxyServer", "createProxy"])
+            .getACall()
+    }
+
+    override DataFlow::Node getUrl() { result = getParameter(0).getMember("target").getARhs() }
+
+    override DataFlow::Node getHost() { none() }
+
+    override DataFlow::Node getADataNode() { none() }
+  }
+
+  /**
+   * A call that proxies a request to some target.
+   */
+  class ProxyCall extends API::CallNode, ClientRequest::Range {
+    string method;
+
+    ProxyCall() {
+      method = ["ws", "web"] and
+      this = any(CreateServerCall server).getReturn().getMember(method).getACall()
+    }
+
+    override DataFlow::Node getUrl() {
+      exists(int optionsIndex |
+        method = "web" and optionsIndex = 2
+        or
+        method = "ws" and optionsIndex = 3
+      |
+        result = getParameter(optionsIndex).getMember("target").getARhs()
+      )
+    }
+
+    override DataFlow::Node getHost() { none() }
+
+    override DataFlow::Node getADataNode() { none() }
+  }
+}

javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected

@@ -79,6 +79,9 @@ test_ClientRequest
 | tst.js:247:24:247:68 | request ... o.png') |
 | tst.js:249:1:251:2 | form.su ... e();\\n}) |
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) |
+| tst.js:267:1:267:61 | httpPro ... 9000'}) |
+| tst.js:269:13:269:48 | httpPro ... ptions) |
+| tst.js:271:3:271:61 | proxy.w ... 080' }) |
 test_getADataNode
 | tst.js:53:5:53:23 | axios({data: data}) | tst.js:53:18:53:21 | data |
 | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:19:57:23 | data1 |
@@ -210,6 +213,8 @@ test_getUrl
 | tst.js:247:24:247:68 | request ... o.png') | tst.js:247:32:247:67 | 'http:/ ... go.png' |
 | tst.js:249:1:251:2 | form.su ... e();\\n}) | tst.js:249:13:249:33 | 'http:/ ... e.org/' |
 | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:257:13:262:1 | {\\n    m ... ers()\\n} |
+| tst.js:267:1:267:61 | httpPro ... 9000'}) | tst.js:267:37:267:59 | 'http:/ ... t:9000' |
+| tst.js:271:3:271:61 | proxy.w ... 080' }) | tst.js:271:33:271:58 | 'http:/ ... m:8080' |
 test_getAResponseDataNode
 | tst.js:19:5:19:23 | requestPromise(url) | tst.js:19:5:19:23 | requestPromise(url) | text | true |
 | tst.js:21:5:21:23 | superagent.get(url) | tst.js:21:5:21:23 | superagent.get(url) | stream | true |

javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js

@@ -259,4 +259,14 @@ form.submit({
     host: 'example.org',
     path: '/upload',
     headers: form.getHeaders()
-});
+});
+
+var httpProxy = require('http-proxy');
+var http = require("http");
+
+httpProxy.createProxyServer({target:'http://localhost:9000'}).listen(8000); 
+
+var proxy = httpProxy.createProxyServer(options);
+http.createServer(function(req, res) {
+  proxy.web(req, res, { target: 'http://mytarget.com:8080' });
+});