From a58c4eb652e9895f8a456c65825657ad39f1c95c Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 21 Mar 2025 13:29:41 +0100 Subject: [PATCH 1/8] Added additional test cases for `got` package. --- .../ClientRequests/ClientRequests.expected | 8 ++++++++ .../frameworks/ClientRequests/tst.js | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index f9ab265e10d8..4f306b1a2635 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -97,6 +97,9 @@ test_ClientRequest | tst.js:319:5:319:26 | superag ... ', url) | | tst.js:320:5:320:23 | superagent.del(url) | | tst.js:321:5:321:32 | superag ... st(url) | +| tst.js:328:5:328:38 | got(und ... ptions) | +| tst.js:329:5:329:45 | got(und ... {url})) | +| tst.js:337:5:337:20 | jsonClient.get() | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | @@ -254,6 +257,8 @@ test_getUrl | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | +| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | @@ -334,3 +339,6 @@ test_getAResponseDataNode | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true | +| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:5:329:45 | got(und ... {url})) | text | true | +| tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index 48c7d7786234..9bdc7bb95ea4 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -320,3 +320,22 @@ function useSuperagent(url){ superagent.del(url); superagent.agent().post(url).send(data); } + +import { Options } from 'got'; + +function gotTests(url){ + const options = new Options({url}); + got(undefined, undefined, options); // undefined is flagged, but should be url from options + got(undefined, undefined, Options({url})); // undefined is flagged, but should be url from options + + const options2 = new Options({url}); + got.extend(options2).extend(options).get(); // not flagged + + got.paginate(url, {}); // not flagged + + const jsonClient = got.extend({url: url}); + jsonClient.get(); // call flagged not the actual url flow + + const jsonClient2 = got.extend({url: url}).extend({url: url}); + jsonClient2.get(); // not flagged +} From b33f760765d387cf22e39a2c9c3f1a28f790b70c Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 21 Mar 2025 13:33:46 +0100 Subject: [PATCH 2/8] Manage chain calls of `extend`. --- .../semmle/javascript/frameworks/ClientRequests.qll | 10 +++++++++- .../library-tests/frameworks/ClientRequests/tst.js | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index d4508da39021..bd5866d3053d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -414,13 +414,21 @@ module ClientRequest { } } + /** + * Gets a reference to an instance of the `got` library, including instances + * created through chained `extend` calls. + */ + private API::Node getAGotInstance() { + result = [API::moduleImport("got"), getAGotInstance().getMember("extend").getReturn()] + } + /** * A model of a URL request made using the `got` library. */ class GotUrlRequest extends ClientRequest::Range { GotUrlRequest() { exists(API::Node callee, API::Node got | this = callee.getACall() | - got = [API::moduleImport("got"), API::moduleImport("got").getMember("extend").getReturn()] and + got = getAGotInstance() and callee = [got, got.getMember(["stream", "get", "post", "put", "patch", "head", "delete"])] ) } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index 9bdc7bb95ea4..ff2ac6b7069b 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -329,7 +329,7 @@ function gotTests(url){ got(undefined, undefined, Options({url})); // undefined is flagged, but should be url from options const options2 = new Options({url}); - got.extend(options2).extend(options).get(); // not flagged + got.extend(options2).extend(options).get(); // call flagged not the actual url flow got.paginate(url, {}); // not flagged @@ -337,5 +337,5 @@ function gotTests(url){ jsonClient.get(); // call flagged not the actual url flow const jsonClient2 = got.extend({url: url}).extend({url: url}); - jsonClient2.get(); // not flagged + jsonClient2.get(); // call flagged not the actual url flow } From 99efb610d4b9b46a9b0c006a3cae68e3f52b340f Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 21 Mar 2025 13:42:14 +0100 Subject: [PATCH 3/8] Enhance URL handling in ClientRequest for `got` `Options` --- .../ql/lib/semmle/javascript/frameworks/ClientRequests.qll | 7 +++++++ .../frameworks/ClientRequests/ClientRequests.expected | 6 ++++++ .../ql/test/library-tests/frameworks/ClientRequests/tst.js | 4 ++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index bd5866d3053d..e5098acb598c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -436,6 +436,13 @@ module ClientRequest { override DataFlow::Node getUrl() { result = this.getArgument(0) and not exists(this.getOptionArgument(1, "baseUrl")) + or + // Handle URL when passed as options + exists(API::InvokeNode optionsCall | + optionsCall = API::moduleImport("got").getMember("Options").getAnInvocation() and + optionsCall.getReturn().getAValueReachableFromSource() = this.getAnArgument() and + result = optionsCall.getParameter(0).getMember("url").asSink() + ) } override DataFlow::Node getHost() { diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 4f306b1a2635..84b0aeaeac90 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -99,7 +99,9 @@ test_ClientRequest | tst.js:321:5:321:32 | superag ... st(url) | | tst.js:328:5:328:38 | got(und ... ptions) | | tst.js:329:5:329:45 | got(und ... {url})) | +| tst.js:332:5:332:46 | got.ext ... ).get() | | tst.js:337:5:337:20 | jsonClient.get() | +| tst.js:340:5:340:21 | jsonClient2.get() | test_getADataNode | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} | @@ -257,8 +259,10 @@ test_getUrl | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url | | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url | | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url | +| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:327:34:327:36 | url | | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | +| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | @@ -341,4 +345,6 @@ test_getAResponseDataNode | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true | | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:5:329:45 | got(und ... {url})) | text | true | +| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:332:5:332:46 | got.ext ... ).get() | text | true | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index ff2ac6b7069b..b44ee6dc6e35 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -325,8 +325,8 @@ import { Options } from 'got'; function gotTests(url){ const options = new Options({url}); - got(undefined, undefined, options); // undefined is flagged, but should be url from options - got(undefined, undefined, Options({url})); // undefined is flagged, but should be url from options + got(undefined, undefined, options); + got(undefined, undefined, Options({url})); const options2 = new Options({url}); got.extend(options2).extend(options).get(); // call flagged not the actual url flow From 63193fa91c7cf858f03a745262f95b8c0db1fc6e Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 21 Mar 2025 13:47:06 +0100 Subject: [PATCH 4/8] Improve URL handling in ClientRequest for extend() and Options --- .../lib/semmle/javascript/frameworks/ClientRequests.qll | 9 ++++++++- .../frameworks/ClientRequests/ClientRequests.expected | 6 ++++++ .../test/library-tests/frameworks/ClientRequests/tst.js | 6 +++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index e5098acb598c..78d962d019a8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -437,7 +437,14 @@ module ClientRequest { result = this.getArgument(0) and not exists(this.getOptionArgument(1, "baseUrl")) or - // Handle URL when passed as options + // Handle URL from options passed to extend() + exists(API::CallNode extendCall | + extendCall = API::moduleImport("got").getMember("extend").getACall() and + result = extendCall.getParameter(0).getMember("url").asSink() and + not exists(this.getArgument(0)) + ) + or + // Handle URL from options passed as third argument when first arg is undefined/missing exists(API::InvokeNode optionsCall | optionsCall = API::moduleImport("got").getMember("Options").getAnInvocation() and optionsCall.getReturn().getAValueReachableFromSource() = this.getAnArgument() and diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 84b0aeaeac90..29a3374b7b94 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -263,6 +263,12 @@ test_getUrl | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url | +| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:336:41:336:43 | url | +| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:339:42:339:44 | url | +| tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url | +| tst.js:337:5:337:20 | jsonClient.get() | tst.js:339:42:339:44 | url | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:336:41:336:43 | url | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index b44ee6dc6e35..4fe45b795c66 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -329,13 +329,13 @@ function gotTests(url){ got(undefined, undefined, Options({url})); const options2 = new Options({url}); - got.extend(options2).extend(options).get(); // call flagged not the actual url flow + got.extend(options2).extend(options).get(); got.paginate(url, {}); // not flagged const jsonClient = got.extend({url: url}); - jsonClient.get(); // call flagged not the actual url flow + jsonClient.get(); const jsonClient2 = got.extend({url: url}).extend({url: url}); - jsonClient2.get(); // call flagged not the actual url flow + jsonClient2.get(); } From f43510c9aacd2abc4325280fcf109b3434162c6a Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 21 Mar 2025 13:48:32 +0100 Subject: [PATCH 5/8] Added support for `paginate`. --- .../ql/lib/semmle/javascript/frameworks/ClientRequests.qll | 6 +++++- .../frameworks/ClientRequests/ClientRequests.expected | 3 +++ .../ql/test/library-tests/frameworks/ClientRequests/tst.js | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 78d962d019a8..6341b2bc7b2e 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -429,7 +429,11 @@ module ClientRequest { GotUrlRequest() { exists(API::Node callee, API::Node got | this = callee.getACall() | got = getAGotInstance() and - callee = [got, got.getMember(["stream", "get", "post", "put", "patch", "head", "delete"])] + callee = + [ + got, + got.getMember(["stream", "get", "post", "put", "patch", "head", "delete", "paginate"]) + ] ) } diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index 29a3374b7b94..bee28a3c9bb1 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -100,6 +100,7 @@ test_ClientRequest | tst.js:328:5:328:38 | got(und ... ptions) | | tst.js:329:5:329:45 | got(und ... {url})) | | tst.js:332:5:332:46 | got.ext ... ).get() | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | | tst.js:337:5:337:20 | jsonClient.get() | | tst.js:340:5:340:21 | jsonClient2.get() | test_getADataNode @@ -265,6 +266,7 @@ test_getUrl | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url | | tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:336:41:336:43 | url | | tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:339:42:339:44 | url | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:339:42:339:44 | url | | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:336:41:336:43 | url | @@ -352,5 +354,6 @@ test_getAResponseDataNode | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:5:329:45 | got(und ... {url})) | text | true | | tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:332:5:332:46 | got.ext ... ).get() | text | true | +| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:5:334:25 | got.pag ... rl, {}) | text | true | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true | | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index 4fe45b795c66..332ae7b11ab0 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -331,7 +331,7 @@ function gotTests(url){ const options2 = new Options({url}); got.extend(options2).extend(options).get(); - got.paginate(url, {}); // not flagged + got.paginate(url, {}); const jsonClient = got.extend({url: url}); jsonClient.get(); From 2d6f5d1da40c31d5bae821b266158d8c4554a55e Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 24 Mar 2025 13:20:09 +0100 Subject: [PATCH 6/8] Refactor ClientRequest to introduce GotInstance classes for improved handling of `got` instances and options retrieval. --- .../javascript/frameworks/ClientRequests.qll | 50 +++++++++++++++---- .../ClientRequests/ClientRequests.expected | 5 +- 2 files changed, 40 insertions(+), 15 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 6341b2bc7b2e..c2b01cf73178 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -415,20 +415,51 @@ module ClientRequest { } /** - * Gets a reference to an instance of the `got` library, including instances - * created through chained `extend` calls. + * Represents an instance of the `got` HTTP client library. */ - private API::Node getAGotInstance() { - result = [API::moduleImport("got"), getAGotInstance().getMember("extend").getReturn()] + abstract private class GotInstance extends API::Node { + /** + * Gets the options object associated with this instance of `got`. + */ + API::Node getOptions() { none() } + } + + /** + * Represents the root `got` module import. + * For example: `const got = require('got')`. + */ + private class RootGotInstance extends GotInstance { + RootGotInstance() { this = API::moduleImport("got") } + } + + /** + * Represents an instance of `got` created by calling the `extend()` method. + * It may also be chained with multiple calls to `extend()`. + * + * For example: `const client = got.extend({ prefixUrl: 'https://example.com' })`. + */ + private class ExtendGotInstance extends GotInstance { + private GotInstance base; + private API::CallNode extendCall; + + ExtendGotInstance() { + extendCall = base.getMember("extend").getACall() and + this = extendCall.getReturn() + } + + override API::Node getOptions() { + result = extendCall.getParameter(0) or result = base.getOptions() + } } /** * A model of a URL request made using the `got` library. */ class GotUrlRequest extends ClientRequest::Range { + GotInstance got; + GotUrlRequest() { - exists(API::Node callee, API::Node got | this = callee.getACall() | - got = getAGotInstance() and + exists(API::Node callee | this = callee.getACall() | callee = [ got, @@ -442,11 +473,8 @@ module ClientRequest { not exists(this.getOptionArgument(1, "baseUrl")) or // Handle URL from options passed to extend() - exists(API::CallNode extendCall | - extendCall = API::moduleImport("got").getMember("extend").getACall() and - result = extendCall.getParameter(0).getMember("url").asSink() and - not exists(this.getArgument(0)) - ) + result = got.getOptions().getMember("url").asSink() and + not exists(this.getArgument(0)) or // Handle URL from options passed as third argument when first arg is undefined/missing exists(API::InvokeNode optionsCall | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index bee28a3c9bb1..fa0560edc463 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -264,13 +264,10 @@ test_getUrl | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | | tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url | -| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:336:41:336:43 | url | -| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:339:42:339:44 | url | | tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url | -| tst.js:337:5:337:20 | jsonClient.get() | tst.js:339:42:339:44 | url | -| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:336:41:336:43 | url | | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url | +| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url | test_getAResponseDataNode | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | axiosTest.js:4:5:7:6 | axios({ ... \\n }) | json | true | | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | axiosTest.js:12:5:17:6 | axios({ ... \\n }) | json | true | From 240b42bb760c86835d8be9df158ca74a9278edb9 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 24 Mar 2025 13:24:40 +0100 Subject: [PATCH 7/8] Added change note. --- javascript/ql/lib/change-notes/2025-03-24-got-package.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-03-24-got-package.md diff --git a/javascript/ql/lib/change-notes/2025-03-24-got-package.md b/javascript/ql/lib/change-notes/2025-03-24-got-package.md new file mode 100644 index 000000000000..4830ce077cbd --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-03-24-got-package.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Improved support for `got` package with `Options`, `paginate()` and `extend()` From cb14b4381e969e5f60f973ef64d341863f3b24cd Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 24 Mar 2025 14:05:28 +0100 Subject: [PATCH 8/8] Applied copilot suggestions. --- .../frameworks/ClientRequests/ClientRequests.expected | 8 ++++---- .../test/library-tests/frameworks/ClientRequests/tst.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected index fa0560edc463..bb3a73004536 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected @@ -98,7 +98,7 @@ test_ClientRequest | tst.js:320:5:320:23 | superagent.del(url) | | tst.js:321:5:321:32 | superag ... st(url) | | tst.js:328:5:328:38 | got(und ... ptions) | -| tst.js:329:5:329:45 | got(und ... {url})) | +| tst.js:329:5:329:49 | got(und ... {url})) | | tst.js:332:5:332:46 | got.ext ... ).get() | | tst.js:334:5:334:25 | got.pag ... rl, {}) | | tst.js:337:5:337:20 | jsonClient.get() | @@ -262,8 +262,8 @@ test_getUrl | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url | | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:327:34:327:36 | url | | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined | -| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | -| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:40:329:42 | url | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:9:329:17 | undefined | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:44:329:46 | url | | tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url | | tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url | @@ -349,7 +349,7 @@ test_getAResponseDataNode | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true | | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true | | tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true | -| tst.js:329:5:329:45 | got(und ... {url})) | tst.js:329:5:329:45 | got(und ... {url})) | text | true | +| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:5:329:49 | got(und ... {url})) | text | true | | tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:332:5:332:46 | got.ext ... ).get() | text | true | | tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:5:334:25 | got.pag ... rl, {}) | text | true | | tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true | diff --git a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js index 332ae7b11ab0..c9fc40dc5068 100644 --- a/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js +++ b/javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js @@ -326,7 +326,7 @@ import { Options } from 'got'; function gotTests(url){ const options = new Options({url}); got(undefined, undefined, options); - got(undefined, undefined, Options({url})); + got(undefined, undefined, new Options({url})); const options2 = new Options({url}); got.extend(options2).extend(options).get();