@inkz
Created September 29, 2021 06:14
rules:
  - id: expressjs-source-sink-research
    mode: taint
    languages:
      - js
      - typescript
    message: >-
      Found a sink for Express.js app
    severity: WARNING
    # Sink: any function call, so every call reached by request data is reported.
    pattern-sinks:
      - pattern: $FUNC(...)
    # Source: a property of the request object, read inside an Express-style handler.
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: function ... ($REQ, $RES) {...}
              - pattern-inside: function ... ($REQ, $RES, $NEXT) {...}
              - pattern-inside: $APP.get(..., function $FUNC($REQ, $RES) {...})
              - pattern-inside: $APP.post(..., function $FUNC($REQ, $RES) {...})
              - pattern-inside: $APP.put(..., function $FUNC($REQ, $RES) {...})
              - pattern-inside: $APP.head(..., function $FUNC($REQ, $RES) {...})
              - pattern-inside: $APP.delete(..., function $FUNC($REQ, $RES) {...})
              - pattern-inside: $APP.options(..., function $FUNC($REQ, $RES) {...})
          - pattern-either:
              - pattern: $REQ.$QUERY
              - pattern: $REQ.$QUERY.$PARAM
          # Restrict $QUERY to the request properties and methods listed here.
          - metavariable-pattern:
              metavariable: $QUERY
              patterns:
                - pattern-either:
                    - pattern: accepts
                    - pattern: acceptsCharsets
                    - pattern: acceptsEncodings
                    - pattern: acceptsLanguages
                    - pattern: app
                    - pattern: baseUrl
                    - pattern: body
                    - pattern: cookies
                    - pattern: fresh
                    - pattern: get
                    - pattern: host
                    - pattern: hostname
                    - pattern: ip
                    - pattern: ips
                    - pattern: is
                    - pattern: method
                    - pattern: originalUrl
                    - pattern: param
                    - pattern: params
                    - pattern: path
                    - pattern: protocol
                    - pattern: query
                    - pattern: range
                    - pattern: route
                    - pattern: secure
                    - pattern: signedCookies
                    - pattern: stale
                    - pattern: subdomains
                    - pattern: xhr