Added test case with inheretence.

Napalys · Napalys · commit c295206ae009 · 2025-03-20T10:35:51.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts
@@ -1,6 +1,8 @@
 import { ApolloServer } from '@apollo/server';
 import { get } from 'https';
 
+class CustomApollo extends ApolloServer {}
+
 function createApolloServer(typeDefs) {
     const resolvers = {
         Mutation: {
@@ -11,4 +13,15 @@ function createApolloServer(typeDefs) {
         },
       };
     const server = new ApolloServer({typeDefs, resolvers});
+
+    const resolvers2 = {
+      Mutation: {
+        downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery]
+          files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery]
+          return true;
+        },
+      },
+    };
+
+    const srv = new CustomApollo({typeDefs, resolvers: resolvers2});
 }
