JS: Add consistency test

asgerf · asgerf · commit cf66d01e803b · 2022-02-16T13:35:01.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected
@@ -0,0 +1,2 @@
+consistencyIssue
+resultInWrongFile
diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql
@@ -0,0 +1,17 @@
+import javascript
+import semmle.javascript.security.dataflow.RequestForgeryQuery as RequestForgery
+import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery as ClientSideRequestForgery
+import testUtilities.ConsistencyChecking
+
+query predicate resultInWrongFile(DataFlow::Node node) {
+  exists(DataFlow::Configuration cfg, string filePattern |
+    cfg instanceof RequestForgery::Configuration and
+    filePattern = ".*serverSide.*"
+    or
+    cfg instanceof ClientSideRequestForgery::Configuration and
+    filePattern = ".*clientSide.*"
+  |
+    cfg.hasFlow(_, node) and
+    not node.getFile().getRelativePath().regexpMatch(filePattern)
+  )
+}
