Express.js: add req.path as remote input source

aibaars · aibaars · commit 5cc94e11050a · 2023-10-31T12:44:26.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll
@@ -618,6 +618,10 @@ module Express {
         or
         kind = "body" and
         this = ref.getAPropertyRead("body")
+        or
+        // `req.path`
+        kind = "url" and
+        this = ref.getAPropertyRead("path")
       )
     }
 
diff --git a/javascript/ql/test/library-tests/frameworks/Express/tests.expected b/javascript/ql/test/library-tests/frameworks/Express/tests.expected
@@ -1109,6 +1109,7 @@ test_RequestInputAccess
 | src/express.js:55:12:55:25 | req.params.foo | parameter | src/express.js:53:23:57:1 | functio ... res);\\n} |
 | src/express.js:61:12:61:25 | req.params.foo | parameter | src/express.js:59:23:63:1 | functio ... res);\\n} |
 | src/express.js:67:12:67:25 | req.params.foo | parameter | src/express.js:65:27:69:1 | functio ... res);\\n} |
+| src/express.js:73:12:73:19 | req.path | url | src/express.js:71:23:75:1 | functio ... res);\\n} |
 | src/inheritedFromNode.js:7:2:7:8 | req.url | url | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
 | src/params.js:4:35:4:39 | value | parameter | src/params.js:4:18:12:1 | (req, r ...     }\\n} |
 | src/params.js:5:17:5:28 | req.query.xx | parameter | src/params.js:4:18:12:1 | (req, r ...     }\\n} |

Original file line number	Diff line number	Diff line change
`@@ -618,6 +618,10 @@ module Express {`
`618`	`618`	`or`
`619`	`619`	`kind = "body" and`
`620`	`620`	`this = ref.getAPropertyRead("body")`
	`621`	`+ or`
	`622`	+ // `req.path`
	`623`	`+ kind = "url" and`
	`624`	`+ this = ref.getAPropertyRead("path")`
`621`	`625`	`)`
`622`	`626`	`}`
`623`	`627`