JS: Fix test case

asgerf · asgerf · commit 3184ddb38aeb · 2022-09-07T13:39:51.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected
@@ -44,6 +44,13 @@ nodes
 | tst.js:98:9:98:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo |
+| tst.js:103:9:103:29 | data |
+| tst.js:103:16:103:29 | req.query.data |
+| tst.js:103:16:103:29 | req.query.data |
+| tst.js:105:9:105:12 | data |
+| tst.js:105:9:105:12 | data |
+| tst.js:107:9:107:12 | data |
+| tst.js:107:9:107:12 | data |
 edges
 | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
 | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo |
@@ -79,6 +86,12 @@ edges
 | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo |
 | tst.js:95:9:95:16 | data.foo | tst.js:95:9:95:16 | data.foo |
 | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo |
+| tst.js:103:9:103:29 | data | tst.js:105:9:105:12 | data |
+| tst.js:103:9:103:29 | data | tst.js:105:9:105:12 | data |
+| tst.js:103:9:103:29 | data | tst.js:107:9:107:12 | data |
+| tst.js:103:9:103:29 | data | tst.js:107:9:107:12 | data |
+| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data |
+| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data |
 #select
 | tst.js:6:5:6:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:6:5:6:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter |
 | tst.js:8:5:8:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:8:5:8:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter |
@@ -95,3 +108,5 @@ edges
 | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:92:9:92:16 | data.foo | this HTTP request parameter |
 | tst.js:95:9:95:16 | data.foo | tst.js:95:9:95:16 | data.foo | tst.js:95:9:95:16 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:95:9:95:16 | data.foo | this HTTP request parameter |
 | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | Potential type confusion as $@ may be either an array or a string. | tst.js:98:9:98:16 | data.foo | this HTTP request parameter |
+| tst.js:105:9:105:12 | data | tst.js:103:16:103:29 | req.query.data | tst.js:105:9:105:12 | data | Potential type confusion as $@ may be either an array or a string. | tst.js:103:16:103:29 | req.query.data | this HTTP request parameter |
+| tst.js:107:9:107:12 | data | tst.js:103:16:103:29 | req.query.data | tst.js:107:9:107:12 | data | Potential type confusion as $@ may be either an array or a string. | tst.js:103:16:103:29 | req.query.data | this HTTP request parameter |
diff --git a/javascript/ql/test/query-tests/Security/CWE-843/tst.js b/javascript/ql/test/query-tests/Security/CWE-843/tst.js
@@ -100,7 +100,7 @@ express().get('/foo', function (req, res) {
 });
 
 express().get('/foo', function (req, res) {
-    let data = req.query;
+    let data = req.query.data;
     if (Array.isArray(data)) {
         data.indexOf(); // OK
     } else {
