mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
Added test case @apollo/server with SSRF.
@@ -0,0 +1,14 @@
|
||||
import { ApolloServer } from '@apollo/server';
|
||||
import { get } from 'https';
|
||||
|
||||
function createApolloServer(typeDefs) {
|
||||
const resolvers = {
|
||||
Mutation: {
|
||||
downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery]
|
||||
files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery]
|
||||
return true;
|
||||
},
|
||||
},
|
||||
};
|
||||
const server = new ApolloServer({typeDefs, resolvers});
|
||||
}
|
||||
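Review bot: The only flow this fixture exercises, in the `downloadFiles` resolver, passes through an array element, a `forEach` callback and the `.url` property before it reaches `get`, so once `@apollo/server` resolver arguments are modelled as a remote source, a still-missing alert could not be told apart from a lost array or property taint step. A second resolver with a direct flow would isolate the source model, for example `downloadFile: async (_, { url }) => { get(url, (res) => {}); return true; }, // $ MISSING: Alert[js/request-forgery]`. A short comment above `resolvers` saying that the second resolver argument carries client-supplied GraphQL input would also explain why the `MISSING` markers are expected to turn into real alerts. `server` is created but neither returned nor started, which presumably does not matter for a static-analysis fixture.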