Skip to content

JS: Treat res.end() as alias for res.send() in Express #1006

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xiemaisi merged 2 commits into from
Mar 1, 2019
Merged

JS: Treat res.end() as alias for res.send() in Express #1006

xiemaisi merged 2 commits into from
Mar 1, 2019

Conversation

@asger-semmle
Copy link
Contributor

@asger-semmle asger-semmle commented Feb 28, 2019

res.end works like res.send since it actually forwards to NodeJS's response.end method.

An alternative way to implement this would be to treat Express response objects as a subtype of NodeJS's HTTP response objects, since those already recognize the end method. I'm not sure what the longterm benefits of that might be so I just took the easy way for now.

Running evaluation on express.slugs.

@asger-semmle asger-semmle added JS WIP This is a work-in-progress, do not merge yet! labels Feb 28, 2019
@asger-semmle asger-semmle requested a review from a team as a code owner February 28, 2019 12:42
ghost
ghost previously approved these changes Feb 28, 2019
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
(we could add a change note for this minor improvement)

I think we decided against using inheritance between NodeJS and Express way back.
The model of Connect explicitly use the inheritance, so I suspect we have a good reason not to use it for Express.

https://github.com/Semmle/ql/blob/edba24129d37ddd4fb490f416473bcb9a5bded39/javascript/ql/src/semmle/javascript/frameworks/Connect.qll#L89-L94

ghost
ghost previously approved these changes Feb 28, 2019
View reviewed changes
@asger-semmle
Copy link
Contributor Author

asger-semmle commented Feb 28, 2019

(we could add a change note for this minor improvement)

Added Express to the list of frameworks with improved support.

@asger-semmle
Copy link
Contributor Author

asger-semmle commented Mar 1, 2019

Evaluation looks good.

@asger-semmle asger-semmle removed the WIP This is a work-in-progress, do not merge yet! label Mar 1, 2019
@xiemaisi xiemaisi merged commit a6f3305 into github:master Mar 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@xiemaisi xiemaisi xiemaisi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asger-semmle @xiemaisi