From e5c179d5a408568620f1b6753484e5e1c6b5f09c Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 19 Mar 2025 17:44:22 +0100 Subject: [PATCH 1/9] Added test cases for superagent --- .../ql/test/library-tests/frameworks/ClientRequests/tst.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index b2b9d8256ca3..7951d18dcf53 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -314,3 +314,9 @@ function usePolyfill() { return response.text() }) } + +function useSuperagent(url){ + superagent('GET', url); // Not flagged + superagent.del(url); // Not flagged + superagent.agent().post(url).send(data); // Not flagged +} From 2e1734eebab9d4687c44e349b63391ffdcc5b98b Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 19 Mar 2025 17:45:20 +0100 Subject: [PATCH 2/9] Added support for `del` function in superagent --- .../lib/semmle/javascript/frameworks/ClientRequests.qll | 9 ++++++++- .../frameworks/ClientRequests/ClientRequests.expected | 3 +++ .../test/library-tests/frameworks/ClientRequests/tst.js | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 720d917d4985..3b59b3a5bf0c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -513,6 +513,13 @@ module ClientRequest { } } + /** + * Gets the name of a superagent request method. + */ + private string getSuperagentRequestMethodName() { + result = [httpMethodName(), any(Http::RequestMethodName m), "del", "DEL"] + } + /** * A model of a URL request made using the `superagent` library. */ @@ -522,7 +529,7 @@ module ClientRequest { SuperAgentUrlRequest() { exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() | moduleName = "superagent" and - callee = DataFlow::moduleMember(moduleName, httpMethodName()) and + callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and url = this.getArgument(0) ) } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 62a3b33c63fd..4f38cf1de5a2 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -91,6 +91,7 @@ test_ClientRequest | tst.js:286:20:286:55 | new Web ... :8080') | | tst.js:296:5:299:6 | axios({ ... \\n }) | | tst.js:312:12:312:36 | fetchPo ... o/bar') | +| tst.js:320:5:320:23 | superagent.del(url) | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | @@ -240,6 +241,7 @@ test_getUrl | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:296:11:299:5 | {\\n ... ,\\n } | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:298:14:298:44 | "http:/ ... -axios" | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:26:312:35 | '/foo/bar' | +| tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | @@ -314,3 +316,4 @@ test_getAResponseDataNode | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:303:26:303:37 | err.response | json | false | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:304:27:304:38 | err.response | json | false | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:12:312:36 | fetchPo ... o/bar') | fetch.response | true | +| tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index 7951d18dcf53..f6e8bf8270f8 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -317,6 +317,6 @@ function usePolyfill() { function useSuperagent(url){ superagent('GET', url); // Not flagged - superagent.del(url); // Not flagged + superagent.del(url); superagent.agent().post(url).send(data); // Not flagged } From cdf4f5395ffece84bad9e5a565c209c62a14c4a4 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 19 Mar 2025 17:50:05 +0100 Subject: [PATCH 3/9] Enhance SuperAgent URL request handling for both method calls and direct calls --- .../semmle/javascript/frameworks/ClientRequests.qll | 12 ++++++++++-- .../ClientRequests/ClientRequests.expected | 3 +++ .../library-tests/frameworks/ClientRequests/tst.js | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 3b59b3a5bf0c..6641dc6f3701 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -529,8 +529,16 @@ module ClientRequest { SuperAgentUrlRequest() { exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() | moduleName = "superagent" and - callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and - url = this.getArgument(0) + ( + // Handle method calls like superagent.get(url) + callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and + url = this.getArgument(0) + or + // Handle direct calls like superagent('GET', url) + callee = DataFlow::moduleImport(moduleName) and + this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and + url = this.getArgument(1) + ) ) } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 4f38cf1de5a2..5d89351af5a8 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -91,6 +91,7 @@ test_ClientRequest | tst.js:286:20:286:55 | new Web ... :8080') | | tst.js:296:5:299:6 | axios({ ... \\n }) | | tst.js:312:12:312:36 | fetchPo ... o/bar') | +| tst.js:319:5:319:26 | superag ... ', url) | | tst.js:320:5:320:23 | superagent.del(url) | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | @@ -241,6 +242,7 @@ test_getUrl | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:296:11:299:5 | {\\n ... ,\\n } | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:298:14:298:44 | "http:/ ... -axios" | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:26:312:35 | '/foo/bar' | +| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | @@ -316,4 +318,5 @@ test_getAResponseDataNode | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:303:26:303:37 | err.response | json | false | | tst.js:296:5:299:6 | axios({ ... \\n }) | tst.js:304:27:304:38 | err.response | json | false | | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:12:312:36 | fetchPo ... o/bar') | fetch.response | true | +| tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index f6e8bf8270f8..d179def16a32 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -316,7 +316,7 @@ function usePolyfill() { } function useSuperagent(url){ - superagent('GET', url); // Not flagged + superagent('GET', url); superagent.del(url); superagent.agent().post(url).send(data); // Not flagged } From 539e2ef558f213e97a12505a7a79d6654f7c82d7 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 19 Mar 2025 17:51:56 +0100 Subject: [PATCH 4/9] Added support for `superagent.agent()`. --- .../semmle/javascript/frameworks/ClientRequests.qll | 11 ++++++++++- .../frameworks/ClientRequests/ClientRequests.expected | 4 ++++ .../library-tests/frameworks/ClientRequests/tst.js | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 6641dc6f3701..d232de3d72ae 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -527,17 +527,26 @@ module ClientRequest { DataFlow::Node url; SuperAgentUrlRequest() { - exists(string moduleName, DataFlow::SourceNode callee | this = callee.getACall() | + exists(string moduleName, DataFlow::SourceNode callee | moduleName = "superagent" and ( + this = callee.getACall() and // Handle method calls like superagent.get(url) callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and url = this.getArgument(0) or + this = callee.getACall() and // Handle direct calls like superagent('GET', url) callee = DataFlow::moduleImport(moduleName) and this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and url = this.getArgument(1) + or + // Handle agent calls like superagent.agent().get(url) + exists(DataFlow::SourceNode agent | + agent = DataFlow::moduleMember(moduleName, "agent").getACall() and + this = agent.getAMethodCall(httpMethodName()) and + url = this.getArgument(0) + ) ) ) } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 5d89351af5a8..3bc77bbb47a9 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -93,6 +93,7 @@ test_ClientRequest | tst.js:312:12:312:36 | fetchPo ... o/bar') | | tst.js:319:5:319:26 | superag ... ', url) | | tst.js:320:5:320:23 | superagent.del(url) | +| tst.js:321:5:321:32 | superag ... st(url) | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | @@ -134,6 +135,7 @@ test_getADataNode | tst.js:249:1:251:2 | form.su ... e();\\n}) | tst.js:247:24:247:68 | request ... o.png') | | tst.js:257:1:262:2 | form.su ... rs()\\n}) | tst.js:255:25:255:35 | 'new_value' | | tst.js:286:20:286:55 | new Web ... :8080') | tst.js:288:21:288:35 | 'Hello Server!' | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:39:321:42 | data | test_getHost | tst.js:87:5:87:39 | http.ge ... host}) | tst.js:87:34:87:37 | host | | tst.js:89:5:89:23 | axios({host: host}) | tst.js:89:18:89:21 | host | @@ -244,6 +246,7 @@ test_getUrl | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:26:312:35 | '/foo/bar' | | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | @@ -320,3 +323,4 @@ test_getAResponseDataNode | tst.js:312:12:312:36 | fetchPo ... o/bar') | tst.js:312:12:312:36 | fetchPo ... o/bar') | fetch.response | true | | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | +| tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index d179def16a32..48c7d7786234 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -318,5 +318,5 @@ function usePolyfill() { function useSuperagent(url){ superagent('GET', url); superagent.del(url); - superagent.agent().post(url).send(data); // Not flagged + superagent.agent().post(url).send(data); } From af567b49fbeb70670531f61726c6f0a686da98b5 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 19 Mar 2025 17:59:27 +0100 Subject: [PATCH 5/9] Simplified `SuperAgentUrlRequest`. --- .../javascript/frameworks/ClientRequests.qll | 33 ++++++++----------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index d232de3d72ae..1c8d25690103 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -527,26 +527,21 @@ module ClientRequest { DataFlow::Node url; SuperAgentUrlRequest() { - exists(string moduleName, DataFlow::SourceNode callee | - moduleName = "superagent" and - ( - this = callee.getACall() and - // Handle method calls like superagent.get(url) - callee = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()) and + exists(string moduleName | moduleName = "superagent" | + // Handle method calls like superagent.get(url) + this = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()).getACall() and + url = this.getArgument(0) + or + // Handle direct calls like superagent('GET', url) + this = DataFlow::moduleImport(moduleName).getACall() and + this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and + url = this.getArgument(1) + or + // Handle agent calls like superagent.agent().get(url) + exists(DataFlow::SourceNode agent | + agent = DataFlow::moduleMember(moduleName, "agent").getACall() and + this = agent.getAMethodCall(httpMethodName()) and url = this.getArgument(0) - or - this = callee.getACall() and - // Handle direct calls like superagent('GET', url) - callee = DataFlow::moduleImport(moduleName) and - this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and - url = this.getArgument(1) - or - // Handle agent calls like superagent.agent().get(url) - exists(DataFlow::SourceNode agent | - agent = DataFlow::moduleMember(moduleName, "agent").getACall() and - this = agent.getAMethodCall(httpMethodName()) and - url = this.getArgument(0) - ) ) ) } From 38624a0d787ae3781003ae686a1ea953700b5423 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 20 Mar 2025 12:13:32 +0100 Subject: [PATCH 6/9] Added change note --- javascript/ql/lib/change-notes/2025-03-20-superagent.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-03-20-superagent.md diff --git a/javascript/ql/lib/change-notes/2025-03-20-superagent.md b/javascript/ql/lib/change-notes/2025-03-20-superagent.md new file mode 100644 index 000000000000..8f3f8757ff8f --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-03-20-superagent.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Extended support for `superagent` to include function call syntax and agent-based requests. From 13e90c16060872de6c8172a250aea7b22380329f Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 20 Mar 2025 13:48:40 +0100 Subject: [PATCH 7/9] Update javascript/ql/lib/change-notes/2025-03-20-superagent.md Co-authored-by: Asger F --- javascript/ql/lib/change-notes/2025-03-20-superagent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/change-notes/2025-03-20-superagent.md b/javascript/ql/lib/change-notes/2025-03-20-superagent.md index 8f3f8757ff8f..6516d49d66df 100644 --- a/javascript/ql/lib/change-notes/2025-03-20-superagent.md +++ b/javascript/ql/lib/change-notes/2025-03-20-superagent.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Extended support for `superagent` to include function call syntax and agent-based requests. +* Improved support for `superagent` to handle the case where the package is directly called as a function, or via the `.del()` or `.agent()` method. From 401c6ea0f6ace23ea7e1bde4c51b3c241d4b9976 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 20 Mar 2025 18:15:48 +0100 Subject: [PATCH 8/9] Added test case which is not detected by dataflow. --- .../library-tests/frameworks/ClientRequests/superagent.js | 7 +++++++ .../frameworks/ClientRequests/superagentWrapper.js | 2 ++ 2 files changed, 9 insertions(+) create mode 100644 javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js create mode 100644 javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js new file mode 100644 index 000000000000..d3172de20795 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js @@ -0,0 +1,7 @@ +import { superagent } from "./superagentWrapper.js"; + +function test(url) { + superagent('GET', url); // Not flagged + superagent.del(url); // Not flagged + superagent.agent().post(url).send(data); // Not flagged +} diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js new file mode 100644 index 000000000000..58c47db2fffc --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagentWrapper.js @@ -0,0 +1,2 @@ +import superagent from 'superagent'; +export { superagent } From d61d038b9b5f70d772bb08700842ba4135c6f56b Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 20 Mar 2025 18:16:48 +0100 Subject: [PATCH 9/9] Refactored `SuperAgentUrlRequest` to use API graph. --- .../semmle/javascript/frameworks/ClientRequests.qll | 6 +++--- .../frameworks/ClientRequests/ClientRequests.expected | 10 ++++++++++ .../frameworks/ClientRequests/superagent.js | 6 +++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 1c8d25690103..d4508da39021 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -529,17 +529,17 @@ module ClientRequest { SuperAgentUrlRequest() { exists(string moduleName | moduleName = "superagent" | // Handle method calls like superagent.get(url) - this = DataFlow::moduleMember(moduleName, getSuperagentRequestMethodName()).getACall() and + this = API::moduleImport(moduleName).getMember(getSuperagentRequestMethodName()).getACall() and url = this.getArgument(0) or // Handle direct calls like superagent('GET', url) - this = DataFlow::moduleImport(moduleName).getACall() and + this = API::moduleImport(moduleName).getACall() and this.getArgument(0).mayHaveStringValue(getSuperagentRequestMethodName()) and url = this.getArgument(1) or // Handle agent calls like superagent.agent().get(url) exists(DataFlow::SourceNode agent | - agent = DataFlow::moduleMember(moduleName, "agent").getACall() and + agent = API::moduleImport(moduleName).getMember("agent").getACall() and this = agent.getAMethodCall(httpMethodName()) and url = this.getArgument(0) ) diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 3bc77bbb47a9..f9ab265e10d8 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -10,6 +10,9 @@ test_ClientRequest | puppeteer.ts:6:11:6:42 | page.go ... e.com') | | puppeteer.ts:8:5:8:61 | page.ad ... css" }) | | puppeteer.ts:18:30:18:50 | page.go ... estUrl) | +| superagent.js:4:5:4:26 | superag ... ', url) | +| superagent.js:5:5:5:23 | superagent.del(url) | +| superagent.js:6:5:6:32 | superag ... st(url) | | tst.js:11:5:11:16 | request(url) | | tst.js:13:5:13:20 | request.get(url) | | tst.js:15:5:15:23 | request.delete(url) | @@ -97,6 +100,7 @@ test_ClientRequest test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:39:6:42 | data | | tst.js:53:5:53:23 | axios({data: data}) | tst.js:53:18:53:21 | data | | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:19:57:23 | data1 | | tst.js:57:5:57:39 | axios.p ... data2}) | tst.js:57:33:57:37 | data2 | @@ -158,6 +162,9 @@ test_getUrl | puppeteer.ts:6:11:6:42 | page.go ... e.com') | puppeteer.ts:6:21:6:41 | 'https: ... le.com' | | puppeteer.ts:8:5:8:61 | page.ad ... css" }) | puppeteer.ts:8:29:8:58 | "http:/ ... le.css" | | puppeteer.ts:18:30:18:50 | page.go ... estUrl) | puppeteer.ts:18:40:18:49 | requestUrl | +| superagent.js:4:5:4:26 | superag ... ', url) | superagent.js:4:23:4:25 | url | +| superagent.js:5:5:5:23 | superagent.del(url) | superagent.js:5:20:5:22 | url | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:29:6:31 | url | | tst.js:11:5:11:16 | request(url) | tst.js:11:13:11:15 | url | | tst.js:13:5:13:20 | request.get(url) | tst.js:13:17:13:19 | url | | tst.js:15:5:15:23 | request.delete(url) | tst.js:15:20:15:22 | url | @@ -250,6 +257,9 @@ test_getUrl test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | +| superagent.js:4:5:4:26 | superag ... ', url) | superagent.js:4:5:4:26 | superag ... ', url) | stream | true | +| superagent.js:5:5:5:23 | superagent.del(url) | superagent.js:5:5:5:23 | superagent.del(url) | stream | true | +| superagent.js:6:5:6:32 | superag ... st(url) | superagent.js:6:5:6:32 | superag ... st(url) | stream | true | | tst.js:19:5:19:23 | requestPromise(url) | tst.js:19:5:19:23 | requestPromise(url) | text | true | | tst.js:21:5:21:23 | superagent.get(url) | tst.js:21:5:21:23 | superagent.get(url) | stream | true | | tst.js:25:5:25:14 | axios(url) | tst.js:25:5:25:14 | axios(url) | | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js index d3172de20795..b96c4fa45df8 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/superagent.js @@ -1,7 +1,7 @@ import { superagent } from "./superagentWrapper.js"; function test(url) { - superagent('GET', url); // Not flagged - superagent.del(url); // Not flagged - superagent.agent().post(url).send(data); // Not flagged + superagent('GET', url); + superagent.del(url); + superagent.agent().post(url).send(data); }