Added test where RegExp. is used after matchAll but it not flagged as…

… potential issue
github · Nov 8, 2024 · c2baf0b · c2baf0b
1 parent dbd57e3
commit c2baf0b
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/javascript/ql/test/query-tests/Security/CWE-117/logInjectionBad.js b/javascript/ql/test/query-tests/Security/CWE-117/logInjectionBad.js
@@ -123,3 +123,8 @@ const serverMatchAll = http.createServer((req, res) => {
     let otherStr = username.matchAll(/.*/g)[0]; // BAD
     console.log(otherStr);
 });
+
+const serverMatchAl2l = http.createServer((req, res) => {
+    const result = url.parse(req.url, true).query.username.matchAll(/(\d+)/g); // BAD - match is marked as vulnerable, while matchAll is not.
+    console.log("First captured group:", RegExp.$1);
+});