Added test cases for rimraf library.

Napalys · Napalys · commit 14999c19dacc · 2025-04-02T12:46:48.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js
@@ -0,0 +1,30 @@
+const express = require('express');
+const rimraf = require('rimraf');
+
+const app = express();
+app.use(express.json());
+
+app.post('/rmsync', async (req, res) => {
+    const { path } = req.body; // $ MISSING: Source
+
+    rimraf.sync(path); // $ MISSING: Alert
+    rimraf.rimrafSync(path); // $ MISSING: Alert
+    rimraf.native(path); // $ MISSING: Alert
+    await rimraf.native(path); // $ MISSING: Alert
+    rimraf.native.sync(path); // $ MISSING: Alert
+    rimraf.nativeSync(path); // $ MISSING: Alert
+    await rimraf.manual(path); // $ MISSING: Alert
+    rimraf.manual(path); // $ MISSING: Alert
+    rimraf.manual.sync(path); // $ MISSING: Alert
+    rimraf.manualSync(path); // $ MISSING: Alert
+    await rimraf.windows(path); // $ MISSING: Alert
+    rimraf.windows(path); // $ MISSING: Alert
+    rimraf.windows.sync(path); // $ MISSING: Alert
+    rimraf.windowsSync(path); // $ MISSING: Alert
+    rimraf.moveRemove(path); // $ MISSING: Alert
+    rimraf.moveRemove.sync(path); // $ MISSING: Alert
+    rimraf.moveRemoveSync(path); // $ MISSING: Alert
+    rimraf.posixSync(path); // $ MISSING: Alert
+    rimraf.posix(path); // $ MISSING: Alert
+    rimraf.posix.sync(path); // $ MISSING: Alert
+});
