Apply suggestions from code review

Co-authored-by: Asger F <asgerf@github.com>
Edoardo Pirovano
2022-01-04 10:07:34 +00:00
committed by GitHub
parent a616059761
commit 081765cbe8
2 changed files with 4 additions and 2 deletions


@@ -4,7 +4,8 @@ var app = require("express")(),
app.get("/user-files", function(req, res) {
var file = req.param("file");
if (file.indexOf("..") !== -1) {
// BAD: we forbid relative paths that contain ..
// BAD
// we forbid relative paths that contain ..
// as these could leave the public directory
res.status(400).send("Bad request");
} else {
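Review bot: The marker comment on the rejection branch now reads just `// BAD`, and the two lines under it describe what the check intends rather than why it is unsafe. As written, `file.indexOf("..")` assumes `file` is a string; if the request parser returns an array for a repeated parameter, `indexOf` compares whole elements instead of searching for a substring, which is the flaw this example exists to show. I would state that in the comment, e.g. `// BAD: file is not checked to be a string, so indexOf may be an array element match`. The same applies to the `// GOOD` marker in the second file, where `// GOOD: the typeof check ensures indexOf is a substring search` would name the fix. The handler's else branch continues outside the hunk.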


@@ -4,7 +4,8 @@ var app = require("express")(),
app.get("/user-files", function(req, res) {
var file = req.param("file");
if (typeof file !== 'string' || file.indexOf("..") !== -1) {
// BAD: we forbid relative paths that contain ..
// GOOD
// we forbid relative paths that contain ..
// as these could leave the public directory
res.status(400).send("Bad request");
} else {
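Review bot: With the `typeof file !== 'string'` guard in place, the only containment logic visible here is the `..` substring test, which by itself says nothing about absolute paths or about how the value is later joined to a directory. The else branch is outside the hunk, so I cannot tell whether it resolves the result against the public directory; if it does not, a short comment saying the example covers only the type check would keep readers from copying it as a complete path-traversal defence. Separately, `req.param("file")` is deprecated in Express 4 and looks in route params, body and query; `var file = req.query.file;` would make the source of the value explicit.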