Skip to content

Commit a6f3305

Browse files
author
Max Schaefer
authored
Merge pull request #1006 from asger-semmle/express-end
JS: Treat res.end() as alias for res.send() in Express
2 parents bc8906b + 2dc7f32 commit a6f3305

2 files changed

Lines changed: 5 additions & 3 deletions

File tree

change-notes/1.20/analysis-javascript.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
* Support for many frameworks and libraries has been improved, in particular including the following:
66
- [a-sync-waterfall](https://www.npmjs.com/package/a-sync-waterfall)
77
- [Electron](https://electronjs.org)
8+
- [Express](https://npmjs.org/express)
89
- [hapi](https://hapijs.com/)
910
- [js-cookie](https://github.com/js-cookie/js-cookie)
1011
- [React](https://reactjs.org/)

javascript/ql/src/semmle/javascript/frameworks/Express.qll

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -604,14 +604,15 @@ module Express {
604604
}
605605

606606
/**
607-
* An argument passed to the `send` method of an HTTP response object.
607+
* An argument passed to the `send` or `end` method of an HTTP response object.
608608
*/
609609
private class ResponseSendArgument extends HTTP::ResponseSendArgument {
610610
RouteHandler rh;
611611

612612
ResponseSendArgument() {
613-
exists(MethodCallExpr mce |
614-
mce.calls(rh.getAResponseExpr(), "send") and
613+
exists(MethodCallExpr mce, string name |
614+
mce.calls(rh.getAResponseExpr(), name) and
615+
(name = "send" or name = "end") and
615616
this = mce.getArgument(0)
616617
)
617618
}

0 commit comments

Comments
 (0)